S Price: $0.643827 (-7.52%)
    /

    Contract Diff Checker

    Contract Name:
    AmpOFT

    Contract Source Code:

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    import { IMessageLibManager } from "./IMessageLibManager.sol";
    import { IMessagingComposer } from "./IMessagingComposer.sol";
    import { IMessagingChannel } from "./IMessagingChannel.sol";
    import { IMessagingContext } from "./IMessagingContext.sol";
    
    struct MessagingParams {
        uint32 dstEid;
        bytes32 receiver;
        bytes message;
        bytes options;
        bool payInLzToken;
    }
    
    struct MessagingReceipt {
        bytes32 guid;
        uint64 nonce;
        MessagingFee fee;
    }
    
    struct MessagingFee {
        uint256 nativeFee;
        uint256 lzTokenFee;
    }
    
    struct Origin {
        uint32 srcEid;
        bytes32 sender;
        uint64 nonce;
    }
    
    interface ILayerZeroEndpointV2 is IMessageLibManager, IMessagingComposer, IMessagingChannel, IMessagingContext {
        event PacketSent(bytes encodedPayload, bytes options, address sendLibrary);
    
        event PacketVerified(Origin origin, address receiver, bytes32 payloadHash);
    
        event PacketDelivered(Origin origin, address receiver);
    
        event LzReceiveAlert(
            address indexed receiver,
            address indexed executor,
            Origin origin,
            bytes32 guid,
            uint256 gas,
            uint256 value,
            bytes message,
            bytes extraData,
            bytes reason
        );
    
        event LzTokenSet(address token);
    
        event DelegateSet(address sender, address delegate);
    
        function quote(MessagingParams calldata _params, address _sender) external view returns (MessagingFee memory);
    
        function send(
            MessagingParams calldata _params,
            address _refundAddress
        ) external payable returns (MessagingReceipt memory);
    
        function verify(Origin calldata _origin, address _receiver, bytes32 _payloadHash) external;
    
        function verifiable(Origin calldata _origin, address _receiver) external view returns (bool);
    
        function initializable(Origin calldata _origin, address _receiver) external view returns (bool);
    
        function lzReceive(
            Origin calldata _origin,
            address _receiver,
            bytes32 _guid,
            bytes calldata _message,
            bytes calldata _extraData
        ) external payable;
    
        // oapp can burn messages partially by calling this function with its own business logic if messages are verified in order
        function clear(address _oapp, Origin calldata _origin, bytes32 _guid, bytes calldata _message) external;
    
        function setLzToken(address _lzToken) external;
    
        function lzToken() external view returns (address);
    
        function nativeToken() external view returns (address);
    
        function setDelegate(address _delegate) external;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    import { Origin } from "./ILayerZeroEndpointV2.sol";
    
    interface ILayerZeroReceiver {
        function allowInitializePath(Origin calldata _origin) external view returns (bool);
    
        function nextNonce(uint32 _eid, bytes32 _sender) external view returns (uint64);
    
        function lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) external payable;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
    
    import { SetConfigParam } from "./IMessageLibManager.sol";
    
    enum MessageLibType {
        Send,
        Receive,
        SendAndReceive
    }
    
    interface IMessageLib is IERC165 {
        function setConfig(address _oapp, SetConfigParam[] calldata _config) external;
    
        function getConfig(uint32 _eid, address _oapp, uint32 _configType) external view returns (bytes memory config);
    
        function isSupportedEid(uint32 _eid) external view returns (bool);
    
        // message libs of same major version are compatible
        function version() external view returns (uint64 major, uint8 minor, uint8 endpointVersion);
    
        function messageLibType() external view returns (MessageLibType);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    struct SetConfigParam {
        uint32 eid;
        uint32 configType;
        bytes config;
    }
    
    interface IMessageLibManager {
        struct Timeout {
            address lib;
            uint256 expiry;
        }
    
        event LibraryRegistered(address newLib);
        event DefaultSendLibrarySet(uint32 eid, address newLib);
        event DefaultReceiveLibrarySet(uint32 eid, address newLib);
        event DefaultReceiveLibraryTimeoutSet(uint32 eid, address oldLib, uint256 expiry);
        event SendLibrarySet(address sender, uint32 eid, address newLib);
        event ReceiveLibrarySet(address receiver, uint32 eid, address newLib);
        event ReceiveLibraryTimeoutSet(address receiver, uint32 eid, address oldLib, uint256 timeout);
    
        function registerLibrary(address _lib) external;
    
        function isRegisteredLibrary(address _lib) external view returns (bool);
    
        function getRegisteredLibraries() external view returns (address[] memory);
    
        function setDefaultSendLibrary(uint32 _eid, address _newLib) external;
    
        function defaultSendLibrary(uint32 _eid) external view returns (address);
    
        function setDefaultReceiveLibrary(uint32 _eid, address _newLib, uint256 _gracePeriod) external;
    
        function defaultReceiveLibrary(uint32 _eid) external view returns (address);
    
        function setDefaultReceiveLibraryTimeout(uint32 _eid, address _lib, uint256 _expiry) external;
    
        function defaultReceiveLibraryTimeout(uint32 _eid) external view returns (address lib, uint256 expiry);
    
        function isSupportedEid(uint32 _eid) external view returns (bool);
    
        function isValidReceiveLibrary(address _receiver, uint32 _eid, address _lib) external view returns (bool);
    
        /// ------------------- OApp interfaces -------------------
        function setSendLibrary(address _oapp, uint32 _eid, address _newLib) external;
    
        function getSendLibrary(address _sender, uint32 _eid) external view returns (address lib);
    
        function isDefaultSendLibrary(address _sender, uint32 _eid) external view returns (bool);
    
        function setReceiveLibrary(address _oapp, uint32 _eid, address _newLib, uint256 _gracePeriod) external;
    
        function getReceiveLibrary(address _receiver, uint32 _eid) external view returns (address lib, bool isDefault);
    
        function setReceiveLibraryTimeout(address _oapp, uint32 _eid, address _lib, uint256 _expiry) external;
    
        function receiveLibraryTimeout(address _receiver, uint32 _eid) external view returns (address lib, uint256 expiry);
    
        function setConfig(address _oapp, address _lib, SetConfigParam[] calldata _params) external;
    
        function getConfig(
            address _oapp,
            address _lib,
            uint32 _eid,
            uint32 _configType
        ) external view returns (bytes memory config);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    interface IMessagingChannel {
        event InboundNonceSkipped(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce);
        event PacketNilified(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce, bytes32 payloadHash);
        event PacketBurnt(uint32 srcEid, bytes32 sender, address receiver, uint64 nonce, bytes32 payloadHash);
    
        function eid() external view returns (uint32);
    
        // this is an emergency function if a message cannot be verified for some reasons
        // required to provide _nextNonce to avoid race condition
        function skip(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce) external;
    
        function nilify(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce, bytes32 _payloadHash) external;
    
        function burn(address _oapp, uint32 _srcEid, bytes32 _sender, uint64 _nonce, bytes32 _payloadHash) external;
    
        function nextGuid(address _sender, uint32 _dstEid, bytes32 _receiver) external view returns (bytes32);
    
        function inboundNonce(address _receiver, uint32 _srcEid, bytes32 _sender) external view returns (uint64);
    
        function outboundNonce(address _sender, uint32 _dstEid, bytes32 _receiver) external view returns (uint64);
    
        function inboundPayloadHash(
            address _receiver,
            uint32 _srcEid,
            bytes32 _sender,
            uint64 _nonce
        ) external view returns (bytes32);
    
        function lazyInboundNonce(address _receiver, uint32 _srcEid, bytes32 _sender) external view returns (uint64);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    interface IMessagingComposer {
        event ComposeSent(address from, address to, bytes32 guid, uint16 index, bytes message);
        event ComposeDelivered(address from, address to, bytes32 guid, uint16 index);
        event LzComposeAlert(
            address indexed from,
            address indexed to,
            address indexed executor,
            bytes32 guid,
            uint16 index,
            uint256 gas,
            uint256 value,
            bytes message,
            bytes extraData,
            bytes reason
        );
    
        function composeQueue(
            address _from,
            address _to,
            bytes32 _guid,
            uint16 _index
        ) external view returns (bytes32 messageHash);
    
        function sendCompose(address _to, bytes32 _guid, uint16 _index, bytes calldata _message) external;
    
        function lzCompose(
            address _from,
            address _to,
            bytes32 _guid,
            uint16 _index,
            bytes calldata _message,
            bytes calldata _extraData
        ) external payable;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    interface IMessagingContext {
        function isSendingMessage() external view returns (bool);
    
        function getSendContext() external view returns (uint32 dstEid, address sender);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity >=0.8.0;
    
    import { MessagingFee } from "./ILayerZeroEndpointV2.sol";
    import { IMessageLib } from "./IMessageLib.sol";
    
    struct Packet {
        uint64 nonce;
        uint32 srcEid;
        address sender;
        uint32 dstEid;
        bytes32 receiver;
        bytes32 guid;
        bytes message;
    }
    
    interface ISendLib is IMessageLib {
        function send(
            Packet calldata _packet,
            bytes calldata _options,
            bool _payInLzToken
        ) external returns (MessagingFee memory, bytes memory encodedPacket);
    
        function quote(
            Packet calldata _packet,
            bytes calldata _options,
            bool _payInLzToken
        ) external view returns (MessagingFee memory);
    
        function setTreasury(address _treasury) external;
    
        function withdrawFee(address _to, uint256 _amount) external;
    
        function withdrawLzTokenFee(address _lzToken, address _to, uint256 _amount) external;
    }

    // SPDX-License-Identifier: LZBL-1.2
    
    pragma solidity ^0.8.20;
    
    library AddressCast {
        error AddressCast_InvalidSizeForAddress();
        error AddressCast_InvalidAddress();
    
        function toBytes32(bytes calldata _addressBytes) internal pure returns (bytes32 result) {
            if (_addressBytes.length > 32) revert AddressCast_InvalidAddress();
            result = bytes32(_addressBytes);
            unchecked {
                uint256 offset = 32 - _addressBytes.length;
                result = result >> (offset * 8);
            }
        }
    
        function toBytes32(address _address) internal pure returns (bytes32 result) {
            result = bytes32(uint256(uint160(_address)));
        }
    
        function toBytes(bytes32 _addressBytes32, uint256 _size) internal pure returns (bytes memory result) {
            if (_size == 0 || _size > 32) revert AddressCast_InvalidSizeForAddress();
            result = new bytes(_size);
            unchecked {
                uint256 offset = 256 - _size * 8;
                assembly {
                    mstore(add(result, 32), shl(offset, _addressBytes32))
                }
            }
        }
    
        function toAddress(bytes32 _addressBytes32) internal pure returns (address result) {
            result = address(uint160(uint256(_addressBytes32)));
        }
    
        function toAddress(bytes calldata _addressBytes) internal pure returns (address result) {
            if (_addressBytes.length != 20) revert AddressCast_InvalidAddress();
            result = address(bytes20(_addressBytes));
        }
    }

    // SPDX-License-Identifier: LZBL-1.2
    
    pragma solidity ^0.8.20;
    
    import { Packet } from "../../interfaces/ISendLib.sol";
    import { AddressCast } from "../../libs/AddressCast.sol";
    
    library PacketV1Codec {
        using AddressCast for address;
        using AddressCast for bytes32;
    
        uint8 internal constant PACKET_VERSION = 1;
    
        // header (version + nonce + path)
        // version
        uint256 private constant PACKET_VERSION_OFFSET = 0;
        //    nonce
        uint256 private constant NONCE_OFFSET = 1;
        //    path
        uint256 private constant SRC_EID_OFFSET = 9;
        uint256 private constant SENDER_OFFSET = 13;
        uint256 private constant DST_EID_OFFSET = 45;
        uint256 private constant RECEIVER_OFFSET = 49;
        // payload (guid + message)
        uint256 private constant GUID_OFFSET = 81; // keccak256(nonce + path)
        uint256 private constant MESSAGE_OFFSET = 113;
    
        function encode(Packet memory _packet) internal pure returns (bytes memory encodedPacket) {
            encodedPacket = abi.encodePacked(
                PACKET_VERSION,
                _packet.nonce,
                _packet.srcEid,
                _packet.sender.toBytes32(),
                _packet.dstEid,
                _packet.receiver,
                _packet.guid,
                _packet.message
            );
        }
    
        function encodePacketHeader(Packet memory _packet) internal pure returns (bytes memory) {
            return
                abi.encodePacked(
                    PACKET_VERSION,
                    _packet.nonce,
                    _packet.srcEid,
                    _packet.sender.toBytes32(),
                    _packet.dstEid,
                    _packet.receiver
                );
        }
    
        function encodePayload(Packet memory _packet) internal pure returns (bytes memory) {
            return abi.encodePacked(_packet.guid, _packet.message);
        }
    
        function header(bytes calldata _packet) internal pure returns (bytes calldata) {
            return _packet[0:GUID_OFFSET];
        }
    
        function version(bytes calldata _packet) internal pure returns (uint8) {
            return uint8(bytes1(_packet[PACKET_VERSION_OFFSET:NONCE_OFFSET]));
        }
    
        function nonce(bytes calldata _packet) internal pure returns (uint64) {
            return uint64(bytes8(_packet[NONCE_OFFSET:SRC_EID_OFFSET]));
        }
    
        function srcEid(bytes calldata _packet) internal pure returns (uint32) {
            return uint32(bytes4(_packet[SRC_EID_OFFSET:SENDER_OFFSET]));
        }
    
        function sender(bytes calldata _packet) internal pure returns (bytes32) {
            return bytes32(_packet[SENDER_OFFSET:DST_EID_OFFSET]);
        }
    
        function senderAddressB20(bytes calldata _packet) internal pure returns (address) {
            return sender(_packet).toAddress();
        }
    
        function dstEid(bytes calldata _packet) internal pure returns (uint32) {
            return uint32(bytes4(_packet[DST_EID_OFFSET:RECEIVER_OFFSET]));
        }
    
        function receiver(bytes calldata _packet) internal pure returns (bytes32) {
            return bytes32(_packet[RECEIVER_OFFSET:GUID_OFFSET]);
        }
    
        function receiverB20(bytes calldata _packet) internal pure returns (address) {
            return receiver(_packet).toAddress();
        }
    
        function guid(bytes calldata _packet) internal pure returns (bytes32) {
            return bytes32(_packet[GUID_OFFSET:MESSAGE_OFFSET]);
        }
    
        function message(bytes calldata _packet) internal pure returns (bytes calldata) {
            return bytes(_packet[MESSAGE_OFFSET:]);
        }
    
        function payload(bytes calldata _packet) internal pure returns (bytes calldata) {
            return bytes(_packet[GUID_OFFSET:]);
        }
    
        function payloadHash(bytes calldata _packet) internal pure returns (bytes32) {
            return keccak256(payload(_packet));
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { ILayerZeroEndpointV2 } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
    
    /**
     * @title IOAppCore
     */
    interface IOAppCore {
        // Custom error messages
        error OnlyPeer(uint32 eid, bytes32 sender);
        error NoPeer(uint32 eid);
        error InvalidEndpointCall();
        error InvalidDelegate();
    
        // Event emitted when a peer (OApp) is set for a corresponding endpoint
        event PeerSet(uint32 eid, bytes32 peer);
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol contract.
         * @return receiverVersion The version of the OAppReceiver.sol contract.
         */
        function oAppVersion() external view returns (uint64 senderVersion, uint64 receiverVersion);
    
        /**
         * @notice Retrieves the LayerZero endpoint associated with the OApp.
         * @return iEndpoint The LayerZero endpoint as an interface.
         */
        function endpoint() external view returns (ILayerZeroEndpointV2 iEndpoint);
    
        /**
         * @notice Retrieves the peer (OApp) associated with a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @return peer The peer address (OApp instance) associated with the corresponding endpoint.
         */
        function peers(uint32 _eid) external view returns (bytes32 peer);
    
        /**
         * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @param _peer The address of the peer to be associated with the corresponding endpoint.
         */
        function setPeer(uint32 _eid, bytes32 _peer) external;
    
        /**
         * @notice Sets the delegate address for the OApp Core.
         * @param _delegate The address of the delegate to be set.
         */
        function setDelegate(address _delegate) external;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    /**
     * @title IOAppMsgInspector
     * @dev Interface for the OApp Message Inspector, allowing examination of message and options contents.
     */
    interface IOAppMsgInspector {
        // Custom error message for inspection failure
        error InspectionFailed(bytes message, bytes options);
    
        /**
         * @notice Allows the inspector to examine LayerZero message contents and optionally throw a revert if invalid.
         * @param _message The message payload to be inspected.
         * @param _options Additional options or parameters for inspection.
         * @return valid A boolean indicating whether the inspection passed (true) or failed (false).
         *
         * @dev Optionally done as a revert, OR use the boolean provided to handle the failure.
         */
        function inspect(bytes calldata _message, bytes calldata _options) external view returns (bool valid);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Struct representing enforced option parameters.
     */
    struct EnforcedOptionParam {
        uint32 eid; // Endpoint ID
        uint16 msgType; // Message Type
        bytes options; // Additional options
    }
    
    /**
     * @title IOAppOptionsType3
     * @dev Interface for the OApp with Type 3 Options, allowing the setting and combining of enforced options.
     */
    interface IOAppOptionsType3 {
        // Custom error message for invalid options
        error InvalidOptions(bytes options);
    
        // Event emitted when enforced options are set
        event EnforcedOptionSet(EnforcedOptionParam[] _enforcedOptions);
    
        /**
         * @notice Sets enforced options for specific endpoint and message type combinations.
         * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
         */
        function setEnforcedOptions(EnforcedOptionParam[] calldata _enforcedOptions) external;
    
        /**
         * @notice Combines options for a given endpoint and message type.
         * @param _eid The endpoint ID.
         * @param _msgType The OApp message type.
         * @param _extraOptions Additional options passed by the caller.
         * @return options The combination of caller specified options AND enforced options.
         */
        function combineOptions(
            uint32 _eid,
            uint16 _msgType,
            bytes calldata _extraOptions
        ) external view returns (bytes memory options);
    }

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.20;
    
    import { ILayerZeroReceiver, Origin } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroReceiver.sol";
    
    interface IOAppReceiver is ILayerZeroReceiver {
        /**
         * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
         * @param _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @param _message The lzReceive payload.
         * @param _sender The sender address.
         * @return isSender Is a valid sender.
         *
         * @dev Applications can optionally choose to implement a separate composeMsg sender that is NOT the bridging layer.
         * @dev The default sender IS the OAppReceiver implementer.
         */
        function isComposeMsgSender(
            Origin calldata _origin,
            bytes calldata _message,
            address _sender
        ) external view returns (bool isSender);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { IOAppOptionsType3, EnforcedOptionParam } from "../interfaces/IOAppOptionsType3.sol";
    
    /**
     * @title OAppOptionsType3
     * @dev Abstract contract implementing the IOAppOptionsType3 interface with type 3 options.
     */
    abstract contract OAppOptionsType3 is IOAppOptionsType3, Ownable {
        uint16 internal constant OPTION_TYPE_3 = 3;
    
        // @dev The "msgType" should be defined in the child contract.
        mapping(uint32 eid => mapping(uint16 msgType => bytes enforcedOption)) public enforcedOptions;
    
        /**
         * @dev Sets the enforced options for specific endpoint and message type combinations.
         * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
         * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
         * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
         * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
         */
        function setEnforcedOptions(EnforcedOptionParam[] calldata _enforcedOptions) public virtual onlyOwner {
            _setEnforcedOptions(_enforcedOptions);
        }
    
        /**
         * @dev Sets the enforced options for specific endpoint and message type combinations.
         * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
         *
         * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
         * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
         * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
         * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
         */
        function _setEnforcedOptions(EnforcedOptionParam[] memory _enforcedOptions) internal virtual {
            for (uint256 i = 0; i < _enforcedOptions.length; i++) {
                // @dev Enforced options are only available for optionType 3, as type 1 and 2 dont support combining.
                _assertOptionsType3(_enforcedOptions[i].options);
                enforcedOptions[_enforcedOptions[i].eid][_enforcedOptions[i].msgType] = _enforcedOptions[i].options;
            }
    
            emit EnforcedOptionSet(_enforcedOptions);
        }
    
        /**
         * @notice Combines options for a given endpoint and message type.
         * @param _eid The endpoint ID.
         * @param _msgType The OAPP message type.
         * @param _extraOptions Additional options passed by the caller.
         * @return options The combination of caller specified options AND enforced options.
         *
         * @dev If there is an enforced lzReceive option:
         * - {gasLimit: 200k, msg.value: 1 ether} AND a caller supplies a lzReceive option: {gasLimit: 100k, msg.value: 0.5 ether}
         * - The resulting options will be {gasLimit: 300k, msg.value: 1.5 ether} when the message is executed on the remote lzReceive() function.
         * @dev This presence of duplicated options is handled off-chain in the verifier/executor.
         */
        function combineOptions(
            uint32 _eid,
            uint16 _msgType,
            bytes calldata _extraOptions
        ) public view virtual returns (bytes memory) {
            bytes memory enforced = enforcedOptions[_eid][_msgType];
    
            // No enforced options, pass whatever the caller supplied, even if it's empty or legacy type 1/2 options.
            if (enforced.length == 0) return _extraOptions;
    
            // No caller options, return enforced
            if (_extraOptions.length == 0) return enforced;
    
            // @dev If caller provided _extraOptions, must be type 3 as its the ONLY type that can be combined.
            if (_extraOptions.length >= 2) {
                _assertOptionsType3(_extraOptions);
                // @dev Remove the first 2 bytes containing the type from the _extraOptions and combine with enforced.
                return bytes.concat(enforced, _extraOptions[2:]);
            }
    
            // No valid set of options was found.
            revert InvalidOptions(_extraOptions);
        }
    
        /**
         * @dev Internal function to assert that options are of type 3.
         * @param _options The options to be checked.
         */
        function _assertOptionsType3(bytes memory _options) internal pure virtual {
            uint16 optionsType;
            assembly {
                optionsType := mload(add(_options, 2))
            }
            if (optionsType != OPTION_TYPE_3) revert InvalidOptions(_options);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    // @dev Import the 'MessagingFee' and 'MessagingReceipt' so it's exposed to OApp implementers
    // solhint-disable-next-line no-unused-import
    import { OAppSender, MessagingFee, MessagingReceipt } from "./OAppSender.sol";
    // @dev Import the 'Origin' so it's exposed to OApp implementers
    // solhint-disable-next-line no-unused-import
    import { OAppReceiver, Origin } from "./OAppReceiver.sol";
    import { OAppCore } from "./OAppCore.sol";
    
    /**
     * @title OApp
     * @dev Abstract contract serving as the base for OApp implementation, combining OAppSender and OAppReceiver functionality.
     */
    abstract contract OApp is OAppSender, OAppReceiver {
        /**
         * @dev Constructor to initialize the OApp with the provided endpoint and owner.
         * @param _endpoint The address of the LOCAL LayerZero endpoint.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         */
        constructor(address _endpoint, address _delegate) OAppCore(_endpoint, _delegate) {}
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol implementation.
         * @return receiverVersion The version of the OAppReceiver.sol implementation.
         */
        function oAppVersion()
            public
            pure
            virtual
            override(OAppSender, OAppReceiver)
            returns (uint64 senderVersion, uint64 receiverVersion)
        {
            return (SENDER_VERSION, RECEIVER_VERSION);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { IOAppCore, ILayerZeroEndpointV2 } from "./interfaces/IOAppCore.sol";
    
    /**
     * @title OAppCore
     * @dev Abstract contract implementing the IOAppCore interface with basic OApp configurations.
     */
    abstract contract OAppCore is IOAppCore, Ownable {
        // The LayerZero endpoint associated with the given OApp
        ILayerZeroEndpointV2 public immutable endpoint;
    
        // Mapping to store peers associated with corresponding endpoints
        mapping(uint32 eid => bytes32 peer) public peers;
    
        /**
         * @dev Constructor to initialize the OAppCore with the provided endpoint and delegate.
         * @param _endpoint The address of the LOCAL Layer Zero endpoint.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         *
         * @dev The delegate typically should be set as the owner of the contract.
         */
        constructor(address _endpoint, address _delegate) {
            endpoint = ILayerZeroEndpointV2(_endpoint);
    
            if (_delegate == address(0)) revert InvalidDelegate();
            endpoint.setDelegate(_delegate);
        }
    
        /**
         * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @param _peer The address of the peer to be associated with the corresponding endpoint.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
         * @dev Set this to bytes32(0) to remove the peer address.
         * @dev Peer is a bytes32 to accommodate non-evm chains.
         */
        function setPeer(uint32 _eid, bytes32 _peer) public virtual onlyOwner {
            _setPeer(_eid, _peer);
        }
    
        /**
         * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @param _peer The address of the peer to be associated with the corresponding endpoint.
         *
         * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
         * @dev Set this to bytes32(0) to remove the peer address.
         * @dev Peer is a bytes32 to accommodate non-evm chains.
         */
        function _setPeer(uint32 _eid, bytes32 _peer) internal virtual {
            peers[_eid] = _peer;
            emit PeerSet(_eid, _peer);
        }
    
        /**
         * @notice Internal function to get the peer address associated with a specific endpoint; reverts if NOT set.
         * ie. the peer is set to bytes32(0).
         * @param _eid The endpoint ID.
         * @return peer The address of the peer associated with the specified endpoint.
         */
        function _getPeerOrRevert(uint32 _eid) internal view virtual returns (bytes32) {
            bytes32 peer = peers[_eid];
            if (peer == bytes32(0)) revert NoPeer(_eid);
            return peer;
        }
    
        /**
         * @notice Sets the delegate address for the OApp.
         * @param _delegate The address of the delegate to be set.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Provides the ability for a delegate to set configs, on behalf of the OApp, directly on the Endpoint contract.
         */
        function setDelegate(address _delegate) public onlyOwner {
            endpoint.setDelegate(_delegate);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { IOAppReceiver, Origin } from "./interfaces/IOAppReceiver.sol";
    import { OAppCore } from "./OAppCore.sol";
    
    /**
     * @title OAppReceiver
     * @dev Abstract contract implementing the ILayerZeroReceiver interface and extending OAppCore for OApp receivers.
     */
    abstract contract OAppReceiver is IOAppReceiver, OAppCore {
        // Custom error message for when the caller is not the registered endpoint/
        error OnlyEndpoint(address addr);
    
        // @dev The version of the OAppReceiver implementation.
        // @dev Version is bumped when changes are made to this contract.
        uint64 internal constant RECEIVER_VERSION = 2;
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol contract.
         * @return receiverVersion The version of the OAppReceiver.sol contract.
         *
         * @dev Providing 0 as the default for OAppSender version. Indicates that the OAppSender is not implemented.
         * ie. this is a RECEIVE only OApp.
         * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions.
         */
        function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
            return (0, RECEIVER_VERSION);
        }
    
        /**
         * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
         * @dev _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @dev _message The lzReceive payload.
         * @param _sender The sender address.
         * @return isSender Is a valid sender.
         *
         * @dev Applications can optionally choose to implement separate composeMsg senders that are NOT the bridging layer.
         * @dev The default sender IS the OAppReceiver implementer.
         */
        function isComposeMsgSender(
            Origin calldata /*_origin*/,
            bytes calldata /*_message*/,
            address _sender
        ) public view virtual returns (bool) {
            return _sender == address(this);
        }
    
        /**
         * @notice Checks if the path initialization is allowed based on the provided origin.
         * @param origin The origin information containing the source endpoint and sender address.
         * @return Whether the path has been initialized.
         *
         * @dev This indicates to the endpoint that the OApp has enabled msgs for this particular path to be received.
         * @dev This defaults to assuming if a peer has been set, its initialized.
         * Can be overridden by the OApp if there is other logic to determine this.
         */
        function allowInitializePath(Origin calldata origin) public view virtual returns (bool) {
            return peers[origin.srcEid] == origin.sender;
        }
    
        /**
         * @notice Retrieves the next nonce for a given source endpoint and sender address.
         * @dev _srcEid The source endpoint ID.
         * @dev _sender The sender address.
         * @return nonce The next nonce.
         *
         * @dev The path nonce starts from 1. If 0 is returned it means that there is NO nonce ordered enforcement.
         * @dev Is required by the off-chain executor to determine the OApp expects msg execution is ordered.
         * @dev This is also enforced by the OApp.
         * @dev By default this is NOT enabled. ie. nextNonce is hardcoded to return 0.
         */
        function nextNonce(uint32 /*_srcEid*/, bytes32 /*_sender*/) public view virtual returns (uint64 nonce) {
            return 0;
        }
    
        /**
         * @dev Entry point for receiving messages or packets from the endpoint.
         * @param _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The payload of the received message.
         * @param _executor The address of the executor for the received message.
         * @param _extraData Additional arbitrary data provided by the corresponding executor.
         *
         * @dev Entry point for receiving msg/packet from the LayerZero endpoint.
         */
        function lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) public payable virtual {
            // Ensures that only the endpoint can attempt to lzReceive() messages to this OApp.
            if (address(endpoint) != msg.sender) revert OnlyEndpoint(msg.sender);
    
            // Ensure that the sender matches the expected peer for the source endpoint.
            if (_getPeerOrRevert(_origin.srcEid) != _origin.sender) revert OnlyPeer(_origin.srcEid, _origin.sender);
    
            // Call the internal OApp implementation of lzReceive.
            _lzReceive(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Internal function to implement lzReceive logic without needing to copy the basic parameter validation.
         */
        function _lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { SafeERC20, IERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
    import { MessagingParams, MessagingFee, MessagingReceipt } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
    import { OAppCore } from "./OAppCore.sol";
    
    /**
     * @title OAppSender
     * @dev Abstract contract implementing the OAppSender functionality for sending messages to a LayerZero endpoint.
     */
    abstract contract OAppSender is OAppCore {
        using SafeERC20 for IERC20;
    
        // Custom error messages
        error NotEnoughNative(uint256 msgValue);
        error LzTokenUnavailable();
    
        // @dev The version of the OAppSender implementation.
        // @dev Version is bumped when changes are made to this contract.
        uint64 internal constant SENDER_VERSION = 1;
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol contract.
         * @return receiverVersion The version of the OAppReceiver.sol contract.
         *
         * @dev Providing 0 as the default for OAppReceiver version. Indicates that the OAppReceiver is not implemented.
         * ie. this is a SEND only OApp.
         * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions
         */
        function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
            return (SENDER_VERSION, 0);
        }
    
        /**
         * @dev Internal function to interact with the LayerZero EndpointV2.quote() for fee calculation.
         * @param _dstEid The destination endpoint ID.
         * @param _message The message payload.
         * @param _options Additional options for the message.
         * @param _payInLzToken Flag indicating whether to pay the fee in LZ tokens.
         * @return fee The calculated MessagingFee for the message.
         *      - nativeFee: The native fee for the message.
         *      - lzTokenFee: The LZ token fee for the message.
         */
        function _quote(
            uint32 _dstEid,
            bytes memory _message,
            bytes memory _options,
            bool _payInLzToken
        ) internal view virtual returns (MessagingFee memory fee) {
            return
                endpoint.quote(
                    MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _payInLzToken),
                    address(this)
                );
        }
    
        /**
         * @dev Internal function to interact with the LayerZero EndpointV2.send() for sending a message.
         * @param _dstEid The destination endpoint ID.
         * @param _message The message payload.
         * @param _options Additional options for the message.
         * @param _fee The calculated LayerZero fee for the message.
         *      - nativeFee: The native fee.
         *      - lzTokenFee: The lzToken fee.
         * @param _refundAddress The address to receive any excess fee values sent to the endpoint.
         * @return receipt The receipt for the sent message.
         *      - guid: The unique identifier for the sent message.
         *      - nonce: The nonce of the sent message.
         *      - fee: The LayerZero fee incurred for the message.
         */
        function _lzSend(
            uint32 _dstEid,
            bytes memory _message,
            bytes memory _options,
            MessagingFee memory _fee,
            address _refundAddress
        ) internal virtual returns (MessagingReceipt memory receipt) {
            // @dev Push corresponding fees to the endpoint, any excess is sent back to the _refundAddress from the endpoint.
            uint256 messageValue = _payNative(_fee.nativeFee);
            if (_fee.lzTokenFee > 0) _payLzToken(_fee.lzTokenFee);
    
            return
                // solhint-disable-next-line check-send-result
                endpoint.send{ value: messageValue }(
                    MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _fee.lzTokenFee > 0),
                    _refundAddress
                );
        }
    
        /**
         * @dev Internal function to pay the native fee associated with the message.
         * @param _nativeFee The native fee to be paid.
         * @return nativeFee The amount of native currency paid.
         *
         * @dev If the OApp needs to initiate MULTIPLE LayerZero messages in a single transaction,
         * this will need to be overridden because msg.value would contain multiple lzFees.
         * @dev Should be overridden in the event the LayerZero endpoint requires a different native currency.
         * @dev Some EVMs use an ERC20 as a method for paying transactions/gasFees.
         * @dev The endpoint is EITHER/OR, ie. it will NOT support both types of native payment at a time.
         */
        function _payNative(uint256 _nativeFee) internal virtual returns (uint256 nativeFee) {
            if (msg.value != _nativeFee) revert NotEnoughNative(msg.value);
            return _nativeFee;
        }
    
        /**
         * @dev Internal function to pay the LZ token fee associated with the message.
         * @param _lzTokenFee The LZ token fee to be paid.
         *
         * @dev If the caller is trying to pay in the specified lzToken, then the lzTokenFee is passed to the endpoint.
         * @dev Any excess sent, is passed back to the specified _refundAddress in the _lzSend().
         */
        function _payLzToken(uint256 _lzTokenFee) internal virtual {
            // @dev Cannot cache the token because it is not immutable in the endpoint.
            address lzToken = endpoint.lzToken();
            if (lzToken == address(0)) revert LzTokenUnavailable();
    
            // Pay LZ token fee by sending tokens to the endpoint.
            IERC20(lzToken).safeTransferFrom(msg.sender, address(endpoint), _lzTokenFee);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    // @dev Import the Origin so it's exposed to OAppPreCrimeSimulator implementers.
    // solhint-disable-next-line no-unused-import
    import { InboundPacket, Origin } from "../libs/Packet.sol";
    
    /**
     * @title IOAppPreCrimeSimulator Interface
     * @dev Interface for the preCrime simulation functionality in an OApp.
     */
    interface IOAppPreCrimeSimulator {
        // @dev simulation result used in PreCrime implementation
        error SimulationResult(bytes result);
        error OnlySelf();
    
        /**
         * @dev Emitted when the preCrime contract address is set.
         * @param preCrimeAddress The address of the preCrime contract.
         */
        event PreCrimeSet(address preCrimeAddress);
    
        /**
         * @dev Retrieves the address of the preCrime contract implementation.
         * @return The address of the preCrime contract.
         */
        function preCrime() external view returns (address);
    
        /**
         * @dev Retrieves the address of the OApp contract.
         * @return The address of the OApp contract.
         */
        function oApp() external view returns (address);
    
        /**
         * @dev Sets the preCrime contract address.
         * @param _preCrime The address of the preCrime contract.
         */
        function setPreCrime(address _preCrime) external;
    
        /**
         * @dev Mocks receiving a packet, then reverts with a series of data to infer the state/result.
         * @param _packets An array of LayerZero InboundPacket objects representing received packets.
         */
        function lzReceiveAndRevert(InboundPacket[] calldata _packets) external payable;
    
        /**
         * @dev checks if the specified peer is considered 'trusted' by the OApp.
         * @param _eid The endpoint Id to check.
         * @param _peer The peer to check.
         * @return Whether the peer passed is considered 'trusted' by the OApp.
         */
        function isPeer(uint32 _eid, bytes32 _peer) external view returns (bool);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    struct PreCrimePeer {
        uint32 eid;
        bytes32 preCrime;
        bytes32 oApp;
    }
    
    // TODO not done yet
    interface IPreCrime {
        error OnlyOffChain();
    
        // for simulate()
        error PacketOversize(uint256 max, uint256 actual);
        error PacketUnsorted();
        error SimulationFailed(bytes reason);
    
        // for preCrime()
        error SimulationResultNotFound(uint32 eid);
        error InvalidSimulationResult(uint32 eid, bytes reason);
        error CrimeFound(bytes crime);
    
        function getConfig(bytes[] calldata _packets, uint256[] calldata _packetMsgValues) external returns (bytes memory);
    
        function simulate(
            bytes[] calldata _packets,
            uint256[] calldata _packetMsgValues
        ) external payable returns (bytes memory);
    
        function buildSimulationResult() external view returns (bytes memory);
    
        function preCrime(
            bytes[] calldata _packets,
            uint256[] calldata _packetMsgValues,
            bytes[] calldata _simulations
        ) external;
    
        function version() external view returns (uint64 major, uint8 minor);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { Origin } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
    import { PacketV1Codec } from "@layerzerolabs/lz-evm-protocol-v2/contracts/messagelib/libs/PacketV1Codec.sol";
    
    /**
     * @title InboundPacket
     * @dev Structure representing an inbound packet received by the contract.
     */
    struct InboundPacket {
        Origin origin; // Origin information of the packet.
        uint32 dstEid; // Destination endpointId of the packet.
        address receiver; // Receiver address for the packet.
        bytes32 guid; // Unique identifier of the packet.
        uint256 value; // msg.value of the packet.
        address executor; // Executor address for the packet.
        bytes message; // Message payload of the packet.
        bytes extraData; // Additional arbitrary data for the packet.
    }
    
    /**
     * @title PacketDecoder
     * @dev Library for decoding LayerZero packets.
     */
    library PacketDecoder {
        using PacketV1Codec for bytes;
    
        /**
         * @dev Decode an inbound packet from the given packet data.
         * @param _packet The packet data to decode.
         * @return packet An InboundPacket struct representing the decoded packet.
         */
        function decode(bytes calldata _packet) internal pure returns (InboundPacket memory packet) {
            packet.origin = Origin(_packet.srcEid(), _packet.sender(), _packet.nonce());
            packet.dstEid = _packet.dstEid();
            packet.receiver = _packet.receiverB20();
            packet.guid = _packet.guid();
            packet.message = _packet.message();
        }
    
        /**
         * @dev Decode multiple inbound packets from the given packet data and associated message values.
         * @param _packets An array of packet data to decode.
         * @param _packetMsgValues An array of associated message values for each packet.
         * @return packets An array of InboundPacket structs representing the decoded packets.
         */
        function decode(
            bytes[] calldata _packets,
            uint256[] memory _packetMsgValues
        ) internal pure returns (InboundPacket[] memory packets) {
            packets = new InboundPacket[](_packets.length);
            for (uint256 i = 0; i < _packets.length; i++) {
                bytes calldata packet = _packets[i];
                packets[i] = PacketDecoder.decode(packet);
                // @dev Allows the verifier to specify the msg.value that gets passed in lzReceive.
                packets[i].value = _packetMsgValues[i];
            }
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { IPreCrime } from "./interfaces/IPreCrime.sol";
    import { IOAppPreCrimeSimulator, InboundPacket, Origin } from "./interfaces/IOAppPreCrimeSimulator.sol";
    
    /**
     * @title OAppPreCrimeSimulator
     * @dev Abstract contract serving as the base for preCrime simulation functionality in an OApp.
     */
    abstract contract OAppPreCrimeSimulator is IOAppPreCrimeSimulator, Ownable {
        // The address of the preCrime implementation.
        address public preCrime;
    
        /**
         * @dev Retrieves the address of the OApp contract.
         * @return The address of the OApp contract.
         *
         * @dev The simulator contract is the base contract for the OApp by default.
         * @dev If the simulator is a separate contract, override this function.
         */
        function oApp() external view virtual returns (address) {
            return address(this);
        }
    
        /**
         * @dev Sets the preCrime contract address.
         * @param _preCrime The address of the preCrime contract.
         */
        function setPreCrime(address _preCrime) public virtual onlyOwner {
            preCrime = _preCrime;
            emit PreCrimeSet(_preCrime);
        }
    
        /**
         * @dev Interface for pre-crime simulations. Always reverts at the end with the simulation results.
         * @param _packets An array of InboundPacket objects representing received packets to be delivered.
         *
         * @dev WARNING: MUST revert at the end with the simulation results.
         * @dev Gives the preCrime implementation the ability to mock sending packets to the lzReceive function,
         * WITHOUT actually executing them.
         */
        function lzReceiveAndRevert(InboundPacket[] calldata _packets) public payable virtual {
            for (uint256 i = 0; i < _packets.length; i++) {
                InboundPacket calldata packet = _packets[i];
    
                // Ignore packets that are not from trusted peers.
                if (!isPeer(packet.origin.srcEid, packet.origin.sender)) continue;
    
                // @dev Because a verifier is calling this function, it doesnt have access to executor params:
                //  - address _executor
                //  - bytes calldata _extraData
                // preCrime will NOT work for OApps that rely on these two parameters inside of their _lzReceive().
                // They are instead stubbed to default values, address(0) and bytes("")
                // @dev Calling this.lzReceiveSimulate removes ability for assembly return 0 callstack exit,
                // which would cause the revert to be ignored.
                this.lzReceiveSimulate{ value: packet.value }(
                    packet.origin,
                    packet.guid,
                    packet.message,
                    packet.executor,
                    packet.extraData
                );
            }
    
            // @dev Revert with the simulation results. msg.sender must implement IPreCrime.buildSimulationResult().
            revert SimulationResult(IPreCrime(msg.sender).buildSimulationResult());
        }
    
        /**
         * @dev Is effectively an internal function because msg.sender must be address(this).
         * Allows resetting the call stack for 'internal' calls.
         * @param _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @param _guid The unique identifier of the packet.
         * @param _message The message payload of the packet.
         * @param _executor The executor address for the packet.
         * @param _extraData Additional data for the packet.
         */
        function lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) external payable virtual {
            // @dev Ensure ONLY can be called 'internally'.
            if (msg.sender != address(this)) revert OnlySelf();
            _lzReceiveSimulate(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Internal function to handle the OAppPreCrimeSimulator simulated receive.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The GUID of the LayerZero message.
         * @param _message The LayerZero message.
         * @param _executor The address of the off-chain executor.
         * @param _extraData Arbitrary data passed by the msg executor.
         *
         * @dev Enables the preCrime simulator to mock sending lzReceive() messages,
         * routes the msg down from the OAppPreCrimeSimulator, and back up to the OAppReceiver.
         */
        function _lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual;
    
        /**
         * @dev checks if the specified peer is considered 'trusted' by the OApp.
         * @param _eid The endpoint Id to check.
         * @param _peer The peer to check.
         * @return Whether the peer passed is considered 'trusted' by the OApp.
         */
        function isPeer(uint32 _eid, bytes32 _peer) public view virtual returns (bool);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { MessagingReceipt, MessagingFee } from "@layerzerolabs/oapp-evm/contracts/oapp/OAppSender.sol";
    
    /**
     * @dev Struct representing token parameters for the OFT send() operation.
     */
    struct SendParam {
        uint32 dstEid; // Destination endpoint ID.
        bytes32 to; // Recipient address.
        uint256 amountLD; // Amount to send in local decimals.
        uint256 minAmountLD; // Minimum amount to send in local decimals.
        bytes extraOptions; // Additional options supplied by the caller to be used in the LayerZero message.
        bytes composeMsg; // The composed message for the send() operation.
        bytes oftCmd; // The OFT command to be executed, unused in default OFT implementations.
    }
    
    /**
     * @dev Struct representing OFT limit information.
     * @dev These amounts can change dynamically and are up the specific oft implementation.
     */
    struct OFTLimit {
        uint256 minAmountLD; // Minimum amount in local decimals that can be sent to the recipient.
        uint256 maxAmountLD; // Maximum amount in local decimals that can be sent to the recipient.
    }
    
    /**
     * @dev Struct representing OFT receipt information.
     */
    struct OFTReceipt {
        uint256 amountSentLD; // Amount of tokens ACTUALLY debited from the sender in local decimals.
        // @dev In non-default implementations, the amountReceivedLD COULD differ from this value.
        uint256 amountReceivedLD; // Amount of tokens to be received on the remote side.
    }
    
    /**
     * @dev Struct representing OFT fee details.
     * @dev Future proof mechanism to provide a standardized way to communicate fees to things like a UI.
     */
    struct OFTFeeDetail {
        int256 feeAmountLD; // Amount of the fee in local decimals.
        string description; // Description of the fee.
    }
    
    /**
     * @title IOFT
     * @dev Interface for the OftChain (OFT) token.
     * @dev Does not inherit ERC20 to accommodate usage by OFTAdapter as well.
     * @dev This specific interface ID is '0x02e49c2c'.
     */
    interface IOFT {
        // Custom error messages
        error InvalidLocalDecimals();
        error SlippageExceeded(uint256 amountLD, uint256 minAmountLD);
    
        // Events
        event OFTSent(
            bytes32 indexed guid, // GUID of the OFT message.
            uint32 dstEid, // Destination Endpoint ID.
            address indexed fromAddress, // Address of the sender on the src chain.
            uint256 amountSentLD, // Amount of tokens sent in local decimals.
            uint256 amountReceivedLD // Amount of tokens received in local decimals.
        );
        event OFTReceived(
            bytes32 indexed guid, // GUID of the OFT message.
            uint32 srcEid, // Source Endpoint ID.
            address indexed toAddress, // Address of the recipient on the dst chain.
            uint256 amountReceivedLD // Amount of tokens received in local decimals.
        );
    
        /**
         * @notice Retrieves interfaceID and the version of the OFT.
         * @return interfaceId The interface ID.
         * @return version The version.
         *
         * @dev interfaceId: This specific interface ID is '0x02e49c2c'.
         * @dev version: Indicates a cross-chain compatible msg encoding with other OFTs.
         * @dev If a new feature is added to the OFT cross-chain msg encoding, the version will be incremented.
         * ie. localOFT version(x,1) CAN send messages to remoteOFT version(x,1)
         */
        function oftVersion() external view returns (bytes4 interfaceId, uint64 version);
    
        /**
         * @notice Retrieves the address of the token associated with the OFT.
         * @return token The address of the ERC20 token implementation.
         */
        function token() external view returns (address);
    
        /**
         * @notice Indicates whether the OFT contract requires approval of the 'token()' to send.
         * @return requiresApproval Needs approval of the underlying token implementation.
         *
         * @dev Allows things like wallet implementers to determine integration requirements,
         * without understanding the underlying token implementation.
         */
        function approvalRequired() external view returns (bool);
    
        /**
         * @notice Retrieves the shared decimals of the OFT.
         * @return sharedDecimals The shared decimals of the OFT.
         */
        function sharedDecimals() external view returns (uint8);
    
        /**
         * @notice Provides a quote for OFT-related operations.
         * @param _sendParam The parameters for the send operation.
         * @return limit The OFT limit information.
         * @return oftFeeDetails The details of OFT fees.
         * @return receipt The OFT receipt information.
         */
        function quoteOFT(
            SendParam calldata _sendParam
        ) external view returns (OFTLimit memory, OFTFeeDetail[] memory oftFeeDetails, OFTReceipt memory);
    
        /**
         * @notice Provides a quote for the send() operation.
         * @param _sendParam The parameters for the send() operation.
         * @param _payInLzToken Flag indicating whether the caller is paying in the LZ token.
         * @return fee The calculated LayerZero messaging fee from the send() operation.
         *
         * @dev MessagingFee: LayerZero msg fee
         *  - nativeFee: The native fee.
         *  - lzTokenFee: The lzToken fee.
         */
        function quoteSend(SendParam calldata _sendParam, bool _payInLzToken) external view returns (MessagingFee memory);
    
        /**
         * @notice Executes the send() operation.
         * @param _sendParam The parameters for the send operation.
         * @param _fee The fee information supplied by the caller.
         *      - nativeFee: The native fee.
         *      - lzTokenFee: The lzToken fee.
         * @param _refundAddress The address to receive any excess funds from fees etc. on the src.
         * @return receipt The LayerZero messaging receipt from the send() operation.
         * @return oftReceipt The OFT receipt information.
         *
         * @dev MessagingReceipt: LayerZero msg receipt
         *  - guid: The unique identifier for the sent message.
         *  - nonce: The nonce of the sent message.
         *  - fee: The LayerZero fee incurred for the message.
         */
        function send(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable returns (MessagingReceipt memory, OFTReceipt memory);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    library OFTComposeMsgCodec {
        // Offset constants for decoding composed messages
        uint8 private constant NONCE_OFFSET = 8;
        uint8 private constant SRC_EID_OFFSET = 12;
        uint8 private constant AMOUNT_LD_OFFSET = 44;
        uint8 private constant COMPOSE_FROM_OFFSET = 76;
    
        /**
         * @dev Encodes a OFT composed message.
         * @param _nonce The nonce value.
         * @param _srcEid The source endpoint ID.
         * @param _amountLD The amount in local decimals.
         * @param _composeMsg The composed message.
         * @return _msg The encoded Composed message.
         */
        function encode(
            uint64 _nonce,
            uint32 _srcEid,
            uint256 _amountLD,
            bytes memory _composeMsg // 0x[composeFrom][composeMsg]
        ) internal pure returns (bytes memory _msg) {
            _msg = abi.encodePacked(_nonce, _srcEid, _amountLD, _composeMsg);
        }
    
        /**
         * @dev Retrieves the nonce for the composed message.
         * @param _msg The message.
         * @return The nonce value.
         */
        function nonce(bytes calldata _msg) internal pure returns (uint64) {
            return uint64(bytes8(_msg[:NONCE_OFFSET]));
        }
    
        /**
         * @dev Retrieves the source endpoint ID for the composed message.
         * @param _msg The message.
         * @return The source endpoint ID.
         */
        function srcEid(bytes calldata _msg) internal pure returns (uint32) {
            return uint32(bytes4(_msg[NONCE_OFFSET:SRC_EID_OFFSET]));
        }
    
        /**
         * @dev Retrieves the amount in local decimals from the composed message.
         * @param _msg The message.
         * @return The amount in local decimals.
         */
        function amountLD(bytes calldata _msg) internal pure returns (uint256) {
            return uint256(bytes32(_msg[SRC_EID_OFFSET:AMOUNT_LD_OFFSET]));
        }
    
        /**
         * @dev Retrieves the composeFrom value from the composed message.
         * @param _msg The message.
         * @return The composeFrom value.
         */
        function composeFrom(bytes calldata _msg) internal pure returns (bytes32) {
            return bytes32(_msg[AMOUNT_LD_OFFSET:COMPOSE_FROM_OFFSET]);
        }
    
        /**
         * @dev Retrieves the composed message.
         * @param _msg The message.
         * @return The composed message.
         */
        function composeMsg(bytes calldata _msg) internal pure returns (bytes memory) {
            return _msg[COMPOSE_FROM_OFFSET:];
        }
    
        /**
         * @dev Converts an address to bytes32.
         * @param _addr The address to convert.
         * @return The bytes32 representation of the address.
         */
        function addressToBytes32(address _addr) internal pure returns (bytes32) {
            return bytes32(uint256(uint160(_addr)));
        }
    
        /**
         * @dev Converts bytes32 to an address.
         * @param _b The bytes32 value to convert.
         * @return The address representation of bytes32.
         */
        function bytes32ToAddress(bytes32 _b) internal pure returns (address) {
            return address(uint160(uint256(_b)));
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    library OFTMsgCodec {
        // Offset constants for encoding and decoding OFT messages
        uint8 private constant SEND_TO_OFFSET = 32;
        uint8 private constant SEND_AMOUNT_SD_OFFSET = 40;
    
        /**
         * @dev Encodes an OFT LayerZero message.
         * @param _sendTo The recipient address.
         * @param _amountShared The amount in shared decimals.
         * @param _composeMsg The composed message.
         * @return _msg The encoded message.
         * @return hasCompose A boolean indicating whether the message has a composed payload.
         */
        function encode(
            bytes32 _sendTo,
            uint64 _amountShared,
            bytes memory _composeMsg
        ) internal view returns (bytes memory _msg, bool hasCompose) {
            hasCompose = _composeMsg.length > 0;
            // @dev Remote chains will want to know the composed function caller ie. msg.sender on the src.
            _msg = hasCompose
                ? abi.encodePacked(_sendTo, _amountShared, addressToBytes32(msg.sender), _composeMsg)
                : abi.encodePacked(_sendTo, _amountShared);
        }
    
        /**
         * @dev Checks if the OFT message is composed.
         * @param _msg The OFT message.
         * @return A boolean indicating whether the message is composed.
         */
        function isComposed(bytes calldata _msg) internal pure returns (bool) {
            return _msg.length > SEND_AMOUNT_SD_OFFSET;
        }
    
        /**
         * @dev Retrieves the recipient address from the OFT message.
         * @param _msg The OFT message.
         * @return The recipient address.
         */
        function sendTo(bytes calldata _msg) internal pure returns (bytes32) {
            return bytes32(_msg[:SEND_TO_OFFSET]);
        }
    
        /**
         * @dev Retrieves the amount in shared decimals from the OFT message.
         * @param _msg The OFT message.
         * @return The amount in shared decimals.
         */
        function amountSD(bytes calldata _msg) internal pure returns (uint64) {
            return uint64(bytes8(_msg[SEND_TO_OFFSET:SEND_AMOUNT_SD_OFFSET]));
        }
    
        /**
         * @dev Retrieves the composed message from the OFT message.
         * @param _msg The OFT message.
         * @return The composed message.
         */
        function composeMsg(bytes calldata _msg) internal pure returns (bytes memory) {
            return _msg[SEND_AMOUNT_SD_OFFSET:];
        }
    
        /**
         * @dev Converts an address to bytes32.
         * @param _addr The address to convert.
         * @return The bytes32 representation of the address.
         */
        function addressToBytes32(address _addr) internal pure returns (bytes32) {
            return bytes32(uint256(uint160(_addr)));
        }
    
        /**
         * @dev Converts bytes32 to an address.
         * @param _b The bytes32 value to convert.
         * @return The address representation of bytes32.
         */
        function bytes32ToAddress(bytes32 _b) internal pure returns (address) {
            return address(uint160(uint256(_b)));
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
    import { IOFT, OFTCore } from "./OFTCore.sol";
    
    /**
     * @title OFT Contract
     * @dev OFT is an ERC-20 token that extends the functionality of the OFTCore contract.
     */
    abstract contract OFT is OFTCore, ERC20 {
        /**
         * @dev Constructor for the OFT contract.
         * @param _name The name of the OFT.
         * @param _symbol The symbol of the OFT.
         * @param _lzEndpoint The LayerZero endpoint address.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         */
        constructor(
            string memory _name,
            string memory _symbol,
            address _lzEndpoint,
            address _delegate
        ) ERC20(_name, _symbol) OFTCore(decimals(), _lzEndpoint, _delegate) {}
    
        /**
         * @dev Retrieves the address of the underlying ERC20 implementation.
         * @return The address of the OFT token.
         *
         * @dev In the case of OFT, address(this) and erc20 are the same contract.
         */
        function token() public view returns (address) {
            return address(this);
        }
    
        /**
         * @notice Indicates whether the OFT contract requires approval of the 'token()' to send.
         * @return requiresApproval Needs approval of the underlying token implementation.
         *
         * @dev In the case of OFT where the contract IS the token, approval is NOT required.
         */
        function approvalRequired() external pure virtual returns (bool) {
            return false;
        }
    
        /**
         * @dev Burns tokens from the sender's specified balance.
         * @param _from The address to debit the tokens from.
         * @param _amountLD The amount of tokens to send in local decimals.
         * @param _minAmountLD The minimum amount to send in local decimals.
         * @param _dstEid The destination chain ID.
         * @return amountSentLD The amount sent in local decimals.
         * @return amountReceivedLD The amount received in local decimals on the remote.
         */
        function _debit(
            address _from,
            uint256 _amountLD,
            uint256 _minAmountLD,
            uint32 _dstEid
        ) internal virtual override returns (uint256 amountSentLD, uint256 amountReceivedLD) {
            (amountSentLD, amountReceivedLD) = _debitView(_amountLD, _minAmountLD, _dstEid);
    
            // @dev In NON-default OFT, amountSentLD could be 100, with a 10% fee, the amountReceivedLD amount is 90,
            // therefore amountSentLD CAN differ from amountReceivedLD.
    
            // @dev Default OFT burns on src.
            _burn(_from, amountSentLD);
        }
    
        /**
         * @dev Credits tokens to the specified address.
         * @param _to The address to credit the tokens to.
         * @param _amountLD The amount of tokens to credit in local decimals.
         * @dev _srcEid The source chain ID.
         * @return amountReceivedLD The amount of tokens ACTUALLY received in local decimals.
         */
        function _credit(
            address _to,
            uint256 _amountLD,
            uint32 /*_srcEid*/
        ) internal virtual override returns (uint256 amountReceivedLD) {
            if (_to == address(0x0)) _to = address(0xdead); // _mint(...) does not support address(0x0)
            // @dev Default OFT mints on dst.
            _mint(_to, _amountLD);
            // @dev In the case of NON-default OFT, the _amountLD MIGHT not be == amountReceivedLD.
            return _amountLD;
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { IERC20Metadata, IERC20 } from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
    import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
    import { IOFT, OFTCore } from "./OFTCore.sol";
    
    /**
     * @title OFTAdapter Contract
     * @dev OFTAdapter is a contract that adapts an ERC-20 token to the OFT functionality.
     *
     * @dev For existing ERC20 tokens, this can be used to convert the token to crosschain compatibility.
     * @dev WARNING: ONLY 1 of these should exist for a given global mesh,
     * unless you make a NON-default implementation of OFT and needs to be done very carefully.
     * @dev WARNING: The default OFTAdapter implementation assumes LOSSLESS transfers, ie. 1 token in, 1 token out.
     * IF the 'innerToken' applies something like a transfer fee, the default will NOT work...
     * a pre/post balance check will need to be done to calculate the amountSentLD/amountReceivedLD.
     */
    abstract contract OFTAdapter is OFTCore {
        using SafeERC20 for IERC20;
    
        IERC20 internal immutable innerToken;
    
        /**
         * @dev Constructor for the OFTAdapter contract.
         * @param _token The address of the ERC-20 token to be adapted.
         * @param _lzEndpoint The LayerZero endpoint address.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         */
        constructor(
            address _token,
            address _lzEndpoint,
            address _delegate
        ) OFTCore(IERC20Metadata(_token).decimals(), _lzEndpoint, _delegate) {
            innerToken = IERC20(_token);
        }
    
        /**
         * @dev Retrieves the address of the underlying ERC20 implementation.
         * @return The address of the adapted ERC-20 token.
         *
         * @dev In the case of OFTAdapter, address(this) and erc20 are NOT the same contract.
         */
        function token() public view returns (address) {
            return address(innerToken);
        }
    
        /**
         * @notice Indicates whether the OFT contract requires approval of the 'token()' to send.
         * @return requiresApproval Needs approval of the underlying token implementation.
         *
         * @dev In the case of default OFTAdapter, approval is required.
         * @dev In non-default OFTAdapter contracts with something like mint and burn privileges, it would NOT need approval.
         */
        function approvalRequired() external pure virtual returns (bool) {
            return true;
        }
    
        /**
         * @dev Locks tokens from the sender's specified balance in this contract.
         * @param _from The address to debit from.
         * @param _amountLD The amount of tokens to send in local decimals.
         * @param _minAmountLD The minimum amount to send in local decimals.
         * @param _dstEid The destination chain ID.
         * @return amountSentLD The amount sent in local decimals.
         * @return amountReceivedLD The amount received in local decimals on the remote.
         *
         * @dev msg.sender will need to approve this _amountLD of tokens to be locked inside of the contract.
         * @dev WARNING: The default OFTAdapter implementation assumes LOSSLESS transfers, ie. 1 token in, 1 token out.
         * IF the 'innerToken' applies something like a transfer fee, the default will NOT work...
         * a pre/post balance check will need to be done to calculate the amountReceivedLD.
         */
        function _debit(
            address _from,
            uint256 _amountLD,
            uint256 _minAmountLD,
            uint32 _dstEid
        ) internal virtual override returns (uint256 amountSentLD, uint256 amountReceivedLD) {
            (amountSentLD, amountReceivedLD) = _debitView(_amountLD, _minAmountLD, _dstEid);
            // @dev Lock tokens by moving them into this contract from the caller.
            innerToken.safeTransferFrom(_from, address(this), amountSentLD);
        }
    
        /**
         * @dev Credits tokens to the specified address.
         * @param _to The address to credit the tokens to.
         * @param _amountLD The amount of tokens to credit in local decimals.
         * @dev _srcEid The source chain ID.
         * @return amountReceivedLD The amount of tokens ACTUALLY received in local decimals.
         *
         * @dev WARNING: The default OFTAdapter implementation assumes LOSSLESS transfers, ie. 1 token in, 1 token out.
         * IF the 'innerToken' applies something like a transfer fee, the default will NOT work...
         * a pre/post balance check will need to be done to calculate the amountReceivedLD.
         */
        function _credit(
            address _to,
            uint256 _amountLD,
            uint32 /*_srcEid*/
        ) internal virtual override returns (uint256 amountReceivedLD) {
            // @dev Unlock the tokens and transfer to the recipient.
            innerToken.safeTransfer(_to, _amountLD);
            // @dev In the case of NON-default OFTAdapter, the amountLD MIGHT not be == amountReceivedLD.
            return _amountLD;
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OApp, Origin } from "@layerzerolabs/oapp-evm/contracts/oapp/OApp.sol";
    import { OAppOptionsType3 } from "@layerzerolabs/oapp-evm/contracts/oapp/libs/OAppOptionsType3.sol";
    import { IOAppMsgInspector } from "@layerzerolabs/oapp-evm/contracts/oapp/interfaces/IOAppMsgInspector.sol";
    
    import { OAppPreCrimeSimulator } from "@layerzerolabs/oapp-evm/contracts/precrime/OAppPreCrimeSimulator.sol";
    
    import { IOFT, SendParam, OFTLimit, OFTReceipt, OFTFeeDetail, MessagingReceipt, MessagingFee } from "./interfaces/IOFT.sol";
    import { OFTMsgCodec } from "./libs/OFTMsgCodec.sol";
    import { OFTComposeMsgCodec } from "./libs/OFTComposeMsgCodec.sol";
    
    /**
     * @title OFTCore
     * @dev Abstract contract for the OftChain (OFT) token.
     */
    abstract contract OFTCore is IOFT, OApp, OAppPreCrimeSimulator, OAppOptionsType3 {
        using OFTMsgCodec for bytes;
        using OFTMsgCodec for bytes32;
    
        // @notice Provides a conversion rate when swapping between denominations of SD and LD
        //      - shareDecimals == SD == shared Decimals
        //      - localDecimals == LD == local decimals
        // @dev Considers that tokens have different decimal amounts on various chains.
        // @dev eg.
        //  For a token
        //      - locally with 4 decimals --> 1.2345 => uint(12345)
        //      - remotely with 2 decimals --> 1.23 => uint(123)
        //      - The conversion rate would be 10 ** (4 - 2) = 100
        //  @dev If you want to send 1.2345 -> (uint 12345), you CANNOT represent that value on the remote,
        //  you can only display 1.23 -> uint(123).
        //  @dev To preserve the dust that would otherwise be lost on that conversion,
        //  we need to unify a denomination that can be represented on ALL chains inside of the OFT mesh
        uint256 public immutable decimalConversionRate;
    
        // @notice Msg types that are used to identify the various OFT operations.
        // @dev This can be extended in child contracts for non-default oft operations
        // @dev These values are used in things like combineOptions() in OAppOptionsType3.sol.
        uint16 public constant SEND = 1;
        uint16 public constant SEND_AND_CALL = 2;
    
        // Address of an optional contract to inspect both 'message' and 'options'
        address public msgInspector;
        event MsgInspectorSet(address inspector);
    
        /**
         * @dev Constructor.
         * @param _localDecimals The decimals of the token on the local chain (this chain).
         * @param _endpoint The address of the LayerZero endpoint.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         */
        constructor(uint8 _localDecimals, address _endpoint, address _delegate) OApp(_endpoint, _delegate) {
            if (_localDecimals < sharedDecimals()) revert InvalidLocalDecimals();
            decimalConversionRate = 10 ** (_localDecimals - sharedDecimals());
        }
    
        /**
         * @notice Retrieves interfaceID and the version of the OFT.
         * @return interfaceId The interface ID.
         * @return version The version.
         *
         * @dev interfaceId: This specific interface ID is '0x02e49c2c'.
         * @dev version: Indicates a cross-chain compatible msg encoding with other OFTs.
         * @dev If a new feature is added to the OFT cross-chain msg encoding, the version will be incremented.
         * ie. localOFT version(x,1) CAN send messages to remoteOFT version(x,1)
         */
        function oftVersion() external pure virtual returns (bytes4 interfaceId, uint64 version) {
            return (type(IOFT).interfaceId, 1);
        }
    
        /**
         * @dev Retrieves the shared decimals of the OFT.
         * @return The shared decimals of the OFT.
         *
         * @dev Sets an implicit cap on the amount of tokens, over uint64.max() will need some sort of outbound cap / totalSupply cap
         * Lowest common decimal denominator between chains.
         * Defaults to 6 decimal places to provide up to 18,446,744,073,709.551615 units (max uint64).
         * For tokens exceeding this totalSupply(), they will need to override the sharedDecimals function with something smaller.
         * ie. 4 sharedDecimals would be 1,844,674,407,370,955.1615
         */
        function sharedDecimals() public view virtual returns (uint8) {
            return 6;
        }
    
        /**
         * @dev Sets the message inspector address for the OFT.
         * @param _msgInspector The address of the message inspector.
         *
         * @dev This is an optional contract that can be used to inspect both 'message' and 'options'.
         * @dev Set it to address(0) to disable it, or set it to a contract address to enable it.
         */
        function setMsgInspector(address _msgInspector) public virtual onlyOwner {
            msgInspector = _msgInspector;
            emit MsgInspectorSet(_msgInspector);
        }
    
        /**
         * @notice Provides a quote for OFT-related operations.
         * @param _sendParam The parameters for the send operation.
         * @return oftLimit The OFT limit information.
         * @return oftFeeDetails The details of OFT fees.
         * @return oftReceipt The OFT receipt information.
         */
        function quoteOFT(
            SendParam calldata _sendParam
        )
            external
            view
            virtual
            returns (OFTLimit memory oftLimit, OFTFeeDetail[] memory oftFeeDetails, OFTReceipt memory oftReceipt)
        {
            uint256 minAmountLD = 0; // Unused in the default implementation.
            uint256 maxAmountLD = type(uint64).max; // Unused in the default implementation.
            oftLimit = OFTLimit(minAmountLD, maxAmountLD);
    
            // Unused in the default implementation; reserved for future complex fee details.
            oftFeeDetails = new OFTFeeDetail[](0);
    
            // @dev This is the same as the send() operation, but without the actual send.
            // - amountSentLD is the amount in local decimals that would be sent from the sender.
            // - amountReceivedLD is the amount in local decimals that will be credited to the recipient on the remote OFT instance.
            // @dev The amountSentLD MIGHT not equal the amount the user actually receives. HOWEVER, the default does.
            (uint256 amountSentLD, uint256 amountReceivedLD) = _debitView(
                _sendParam.amountLD,
                _sendParam.minAmountLD,
                _sendParam.dstEid
            );
            oftReceipt = OFTReceipt(amountSentLD, amountReceivedLD);
        }
    
        /**
         * @notice Provides a quote for the send() operation.
         * @param _sendParam The parameters for the send() operation.
         * @param _payInLzToken Flag indicating whether the caller is paying in the LZ token.
         * @return msgFee The calculated LayerZero messaging fee from the send() operation.
         *
         * @dev MessagingFee: LayerZero msg fee
         *  - nativeFee: The native fee.
         *  - lzTokenFee: The lzToken fee.
         */
        function quoteSend(
            SendParam calldata _sendParam,
            bool _payInLzToken
        ) external view virtual returns (MessagingFee memory msgFee) {
            // @dev mock the amount to receive, this is the same operation used in the send().
            // The quote is as similar as possible to the actual send() operation.
            (, uint256 amountReceivedLD) = _debitView(_sendParam.amountLD, _sendParam.minAmountLD, _sendParam.dstEid);
    
            // @dev Builds the options and OFT message to quote in the endpoint.
            (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam, amountReceivedLD);
    
            // @dev Calculates the LayerZero fee for the send() operation.
            return _quote(_sendParam.dstEid, message, options, _payInLzToken);
        }
    
        /**
         * @dev Executes the send operation.
         * @param _sendParam The parameters for the send operation.
         * @param _fee The calculated fee for the send() operation.
         *      - nativeFee: The native fee.
         *      - lzTokenFee: The lzToken fee.
         * @param _refundAddress The address to receive any excess funds.
         * @return msgReceipt The receipt for the send operation.
         * @return oftReceipt The OFT receipt information.
         *
         * @dev MessagingReceipt: LayerZero msg receipt
         *  - guid: The unique identifier for the sent message.
         *  - nonce: The nonce of the sent message.
         *  - fee: The LayerZero fee incurred for the message.
         */
        function send(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable virtual returns (MessagingReceipt memory msgReceipt, OFTReceipt memory oftReceipt) {
            // @dev Applies the token transfers regarding this send() operation.
            // - amountSentLD is the amount in local decimals that was ACTUALLY sent/debited from the sender.
            // - amountReceivedLD is the amount in local decimals that will be received/credited to the recipient on the remote OFT instance.
            (uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
                msg.sender,
                _sendParam.amountLD,
                _sendParam.minAmountLD,
                _sendParam.dstEid
            );
    
            // @dev Builds the options and OFT message to quote in the endpoint.
            (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam, amountReceivedLD);
    
            // @dev Sends the message to the LayerZero endpoint and returns the LayerZero msg receipt.
            msgReceipt = _lzSend(_sendParam.dstEid, message, options, _fee, _refundAddress);
            // @dev Formulate the OFT receipt.
            oftReceipt = OFTReceipt(amountSentLD, amountReceivedLD);
    
            emit OFTSent(msgReceipt.guid, _sendParam.dstEid, msg.sender, amountSentLD, amountReceivedLD);
        }
    
        /**
         * @dev Internal function to build the message and options.
         * @param _sendParam The parameters for the send() operation.
         * @param _amountLD The amount in local decimals.
         * @return message The encoded message.
         * @return options The encoded options.
         */
        function _buildMsgAndOptions(
            SendParam calldata _sendParam,
            uint256 _amountLD
        ) internal view virtual returns (bytes memory message, bytes memory options) {
            bool hasCompose;
            // @dev This generated message has the msg.sender encoded into the payload so the remote knows who the caller is.
            (message, hasCompose) = OFTMsgCodec.encode(
                _sendParam.to,
                _toSD(_amountLD),
                // @dev Must be include a non empty bytes if you want to compose, EVEN if you dont need it on the remote.
                // EVEN if you dont require an arbitrary payload to be sent... eg. '0x01'
                _sendParam.composeMsg
            );
            // @dev Change the msg type depending if its composed or not.
            uint16 msgType = hasCompose ? SEND_AND_CALL : SEND;
            // @dev Combine the callers _extraOptions with the enforced options via the OAppOptionsType3.
            options = combineOptions(_sendParam.dstEid, msgType, _sendParam.extraOptions);
    
            // @dev Optionally inspect the message and options depending if the OApp owner has set a msg inspector.
            // @dev If it fails inspection, needs to revert in the implementation. ie. does not rely on return boolean
            address inspector = msgInspector; // caches the msgInspector to avoid potential double storage read
            if (inspector != address(0)) IOAppMsgInspector(inspector).inspect(message, options);
        }
    
        /**
         * @dev Internal function to handle the receive on the LayerZero endpoint.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The encoded message.
         * @dev _executor The address of the executor.
         * @dev _extraData Additional data.
         */
        function _lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address /*_executor*/, // @dev unused in the default implementation.
            bytes calldata /*_extraData*/ // @dev unused in the default implementation.
        ) internal virtual override {
            // @dev The src sending chain doesnt know the address length on this chain (potentially non-evm)
            // Thus everything is bytes32() encoded in flight.
            address toAddress = _message.sendTo().bytes32ToAddress();
            // @dev Credit the amountLD to the recipient and return the ACTUAL amount the recipient received in local decimals
            uint256 amountReceivedLD = _credit(toAddress, _toLD(_message.amountSD()), _origin.srcEid);
    
            if (_message.isComposed()) {
                // @dev Proprietary composeMsg format for the OFT.
                bytes memory composeMsg = OFTComposeMsgCodec.encode(
                    _origin.nonce,
                    _origin.srcEid,
                    amountReceivedLD,
                    _message.composeMsg()
                );
    
                // @dev Stores the lzCompose payload that will be executed in a separate tx.
                // Standardizes functionality for executing arbitrary contract invocation on some non-evm chains.
                // @dev The off-chain executor will listen and process the msg based on the src-chain-callers compose options passed.
                // @dev The index is used when a OApp needs to compose multiple msgs on lzReceive.
                // For default OFT implementation there is only 1 compose msg per lzReceive, thus its always 0.
                endpoint.sendCompose(toAddress, _guid, 0 /* the index of the composed message*/, composeMsg);
            }
    
            emit OFTReceived(_guid, _origin.srcEid, toAddress, amountReceivedLD);
        }
    
        /**
         * @dev Internal function to handle the OAppPreCrimeSimulator simulated receive.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The LayerZero message.
         * @param _executor The address of the off-chain executor.
         * @param _extraData Arbitrary data passed by the msg executor.
         *
         * @dev Enables the preCrime simulator to mock sending lzReceive() messages,
         * routes the msg down from the OAppPreCrimeSimulator, and back up to the OAppReceiver.
         */
        function _lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual override {
            _lzReceive(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Check if the peer is considered 'trusted' by the OApp.
         * @param _eid The endpoint ID to check.
         * @param _peer The peer to check.
         * @return Whether the peer passed is considered 'trusted' by the OApp.
         *
         * @dev Enables OAppPreCrimeSimulator to check whether a potential Inbound Packet is from a trusted source.
         */
        function isPeer(uint32 _eid, bytes32 _peer) public view virtual override returns (bool) {
            return peers[_eid] == _peer;
        }
    
        /**
         * @dev Internal function to remove dust from the given local decimal amount.
         * @param _amountLD The amount in local decimals.
         * @return amountLD The amount after removing dust.
         *
         * @dev Prevents the loss of dust when moving amounts between chains with different decimals.
         * @dev eg. uint(123) with a conversion rate of 100 becomes uint(100).
         */
        function _removeDust(uint256 _amountLD) internal view virtual returns (uint256 amountLD) {
            return (_amountLD / decimalConversionRate) * decimalConversionRate;
        }
    
        /**
         * @dev Internal function to convert an amount from shared decimals into local decimals.
         * @param _amountSD The amount in shared decimals.
         * @return amountLD The amount in local decimals.
         */
        function _toLD(uint64 _amountSD) internal view virtual returns (uint256 amountLD) {
            return _amountSD * decimalConversionRate;
        }
    
        /**
         * @dev Internal function to convert an amount from local decimals into shared decimals.
         * @param _amountLD The amount in local decimals.
         * @return amountSD The amount in shared decimals.
         */
        function _toSD(uint256 _amountLD) internal view virtual returns (uint64 amountSD) {
            return uint64(_amountLD / decimalConversionRate);
        }
    
        /**
         * @dev Internal function to mock the amount mutation from a OFT debit() operation.
         * @param _amountLD The amount to send in local decimals.
         * @param _minAmountLD The minimum amount to send in local decimals.
         * @dev _dstEid The destination endpoint ID.
         * @return amountSentLD The amount sent, in local decimals.
         * @return amountReceivedLD The amount to be received on the remote chain, in local decimals.
         *
         * @dev This is where things like fees would be calculated and deducted from the amount to be received on the remote.
         */
        function _debitView(
            uint256 _amountLD,
            uint256 _minAmountLD,
            uint32 /*_dstEid*/
        ) internal view virtual returns (uint256 amountSentLD, uint256 amountReceivedLD) {
            // @dev Remove the dust so nothing is lost on the conversion between chains with different decimals for the token.
            amountSentLD = _removeDust(_amountLD);
            // @dev The amount to send is the same as amount received in the default implementation.
            amountReceivedLD = amountSentLD;
    
            // @dev Check for slippage.
            if (amountReceivedLD < _minAmountLD) {
                revert SlippageExceeded(amountReceivedLD, _minAmountLD);
            }
        }
    
        /**
         * @dev Internal function to perform a debit operation.
         * @param _from The address to debit.
         * @param _amountLD The amount to send in local decimals.
         * @param _minAmountLD The minimum amount to send in local decimals.
         * @param _dstEid The destination endpoint ID.
         * @return amountSentLD The amount sent in local decimals.
         * @return amountReceivedLD The amount received in local decimals on the remote.
         *
         * @dev Defined here but are intended to be overriden depending on the OFT implementation.
         * @dev Depending on OFT implementation the _amountLD could differ from the amountReceivedLD.
         */
        function _debit(
            address _from,
            uint256 _amountLD,
            uint256 _minAmountLD,
            uint32 _dstEid
        ) internal virtual returns (uint256 amountSentLD, uint256 amountReceivedLD);
    
        /**
         * @dev Internal function to perform a credit operation.
         * @param _to The address to credit.
         * @param _amountLD The amount to credit in local decimals.
         * @param _srcEid The source endpoint ID.
         * @return amountReceivedLD The amount ACTUALLY received in local decimals.
         *
         * @dev Defined here but are intended to be overriden depending on the OFT implementation.
         * @dev Depending on OFT implementation the _amountLD could differ from the amountReceivedLD.
         */
        function _credit(
            address _to,
            uint256 _amountLD,
            uint32 _srcEid
        ) internal virtual returns (uint256 amountReceivedLD);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    /**
     * @title ONFT Composed Message Codec
     * @notice Library for encoding and decoding ONFT composed messages.
     */
    library ONFTComposeMsgCodec {
        // Offset constants for decoding composed messages
        uint8 private constant NONCE_OFFSET = 8;
        uint8 private constant SRC_EID_OFFSET = 12;
        uint8 private constant COMPOSE_FROM_OFFSET = 44;
    
        /**
         * @dev Encodes a ONFT721 composed message.
         * @param _nonce The nonce value.
         * @param _srcEid The source LayerZero endpoint ID.
         * @param _composeMsg The composed message.
         * @return The encoded payload, including the composed message.
         */
        function encode(
            uint64 _nonce,
            uint32 _srcEid,
            bytes memory _composeMsg // 0x[composeFrom][composeMsg]
        ) internal pure returns (bytes memory) {
            return abi.encodePacked(_nonce, _srcEid, _composeMsg);
        }
    
        /**
         * @dev Retrieves the nonce for the composed message.
         * @param _msg The message.
         * @return The nonce value.
         */
        function nonce(bytes calldata _msg) internal pure returns (uint64) {
            return uint64(bytes8(_msg[:NONCE_OFFSET]));
        }
    
        /**
         * @dev Retrieves the source LayerZero endpoint ID for the composed message.
         * @param _msg The message.
         * @return The source LayerZero endpoint ID.
         */
        function srcEid(bytes calldata _msg) internal pure returns (uint32) {
            return uint32(bytes4(_msg[NONCE_OFFSET:SRC_EID_OFFSET]));
        }
    
        /**
         * @dev Retrieves the composeFrom value from the composed message.
         * @param _msg The message.
         * @return The composeFrom value as bytes32.
         */
        function composeFrom(bytes calldata _msg) internal pure returns (bytes32) {
            return bytes32(_msg[SRC_EID_OFFSET:COMPOSE_FROM_OFFSET]);
        }
    
        /**
         * @dev Retrieves the composed message.
         * @param _msg The message.
         * @return The composed message.
         */
        function composeMsg(bytes calldata _msg) internal pure returns (bytes memory) {
            return _msg[COMPOSE_FROM_OFFSET:];
        }
    
        /**
         * @dev Converts an address to bytes32.
         * @param _addr The address to convert.
         * @return The bytes32 representation of the address.
         */
        function addressToBytes32(address _addr) internal pure returns (bytes32) {
            return bytes32(uint256(uint160(_addr)));
        }
    
        /**
         * @dev Converts bytes32 to an address.
         * @param _b The bytes32 value to convert.
         * @return The address representation of bytes32.
         */
        function bytes32ToAddress(bytes32 _b) internal pure returns (address) {
            return address(uint160(uint256(_b)));
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    import { MessagingFee, MessagingReceipt } from "@layerzerolabs/oapp-evm/contracts/oapp/OAppSender.sol";
    
    /**
     * @dev Struct representing token parameters for the ONFT send() operation.
     */
    struct SendParam {
        uint32 dstEid; // Destination LayerZero EndpointV2 ID.
        bytes32 to; // Recipient address.
        uint256 tokenId;
        bytes extraOptions; // Additional options supplied by the caller to be used in the LayerZero message.
        bytes composeMsg; // The composed message for the send() operation.
        bytes onftCmd; // The ONFT command to be executed, unused in default ONFT implementations.
    }
    
    /**
     * @title IONFT
     * @dev Interface for the ONFT721 token.
     * @dev Does not inherit ERC721 to accommodate usage by OFT721Adapter.
     */
    interface IONFT721 {
        // Custom error messages
        error InvalidReceiver();
        error OnlyNFTOwner(address caller, address owner);
    
        // Events
        event ONFTSent(
            bytes32 indexed guid, // GUID of the ONFT message.
            uint32 dstEid, // Destination Endpoint ID.
            address indexed fromAddress, // Address of the sender on the src chain.
            uint256 tokenId // ONFT ID sent.
        );
    
        event ONFTReceived(
            bytes32 indexed guid, // GUID of the ONFT message.
            uint32 srcEid, // Source Endpoint ID.
            address indexed toAddress, // Address of the recipient on the dst chain.
            uint256 tokenId // ONFT ID received.
        );
    
        /**
         * @notice Retrieves interfaceID and the version of the ONFT.
         * @return interfaceId The interface ID.
         * @return version The version.
         * @dev interfaceId: This specific interface ID is '0x94642228'.
         * @dev version: Indicates a cross-chain compatible msg encoding with other ONFTs.
         * @dev If a new feature is added to the ONFT cross-chain msg encoding, the version will be incremented.
         * ie. localONFT version(x,1) CAN send messages to remoteONFT version(x,1)
         */
        function onftVersion() external view returns (bytes4 interfaceId, uint64 version);
    
        /**
         * @notice Retrieves the address of the token associated with the ONFT.
         * @return token The address of the ERC721 token implementation.
         */
        function token() external view returns (address);
    
        /**
         * @notice Indicates whether the ONFT contract requires approval of the 'token()' to send.
         * @return requiresApproval Needs approval of the underlying token implementation.
         * @dev Allows things like wallet implementers to determine integration requirements,
         * without understanding the underlying token implementation.
         */
        function approvalRequired() external view returns (bool);
    
        /**
         * @notice Provides a quote for the send() operation.
         * @param _sendParam The parameters for the send() operation.
         * @param _payInLzToken Flag indicating whether the caller is paying in the LZ token.
         * @return fee The calculated LayerZero messaging fee from the send() operation.
         * @dev MessagingFee: LayerZero msg fee
         *  - nativeFee: The native fee.
         *  - lzTokenFee: The lzToken fee.
         */
        function quoteSend(SendParam calldata _sendParam, bool _payInLzToken) external view returns (MessagingFee memory);
    
        /**
         * @notice Executes the send() operation.
         * @param _sendParam The parameters for the send operation.
         * @param _fee The fee information supplied by the caller.
         *      - nativeFee: The native fee.
         *      - lzTokenFee: The lzToken fee.
         * @param _refundAddress The address to receive any excess funds from fees etc. on the src.
         * @return receipt The LayerZero messaging receipt from the send() operation.
         * @dev MessagingReceipt: LayerZero msg receipt
         *  - guid: The unique identifier for the sent message.
         *  - nonce: The nonce of the sent message.
         *  - fee: The LayerZero fee incurred for the message.
         */
        function send(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable returns (MessagingReceipt memory);
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    /**
     * @title ONFT721MsgCodec
     * @notice Library for encoding and decoding ONFT721 LayerZero messages.
     */
    library ONFT721MsgCodec {
        uint8 private constant SEND_TO_OFFSET = 32;
        uint8 private constant TOKEN_ID_OFFSET = 64;
    
        /**
         * @dev Encodes an ONFT721 LayerZero message payload.
         * @param _sendTo The recipient address.
         * @param _tokenId The ID of the token to transfer.
         * @param _composeMsg The composed payload.
         * @return payload The encoded message payload.
         * @return hasCompose A boolean indicating whether the message payload contains a composed payload.
         */
        function encode(
            bytes32 _sendTo,
            uint256 _tokenId,
            bytes memory _composeMsg
        ) internal view returns (bytes memory payload, bool hasCompose) {
            hasCompose = _composeMsg.length > 0;
            payload = hasCompose
                ? abi.encodePacked(_sendTo, _tokenId, addressToBytes32(msg.sender), _composeMsg)
                : abi.encodePacked(_sendTo, _tokenId);
        }
    
        /**
         * @dev Decodes sendTo from the ONFT LayerZero message.
         * @param _msg The message.
         * @return The recipient address in bytes32 format.
         */
        function sendTo(bytes calldata _msg) internal pure returns (bytes32) {
            return bytes32(_msg[:SEND_TO_OFFSET]);
        }
    
        /**
         * @dev Decodes tokenId from the ONFT LayerZero message.
         * @param _msg The message.
         * @return The ID of the tokens to transfer.
         */
        function tokenId(bytes calldata _msg) internal pure returns (uint256) {
            return uint256(bytes32(_msg[SEND_TO_OFFSET:TOKEN_ID_OFFSET]));
        }
    
        /**
         * @dev Decodes whether there is a composed payload.
         * @param _msg The message.
         * @return A boolean indicating whether the message has a composed payload.
         */
        function isComposed(bytes calldata _msg) internal pure returns (bool) {
            return _msg.length > TOKEN_ID_OFFSET;
        }
    
        /**
         * @dev Decodes the composed message.
         * @param _msg The message.
         * @return The composed message.
         */
        function composeMsg(bytes calldata _msg) internal pure returns (bytes memory) {
            return _msg[TOKEN_ID_OFFSET:];
        }
    
        /**
         * @dev Converts an address to bytes32.
         * @param _addr The address to convert.
         * @return The bytes32 representation of the address.
         */
        function addressToBytes32(address _addr) internal pure returns (bytes32) {
            return bytes32(uint256(uint160(_addr)));
        }
    
        /**
         * @dev Converts bytes32 to an address.
         * @param _b The bytes32 value to convert.
         * @return The address representation of bytes32.
         */
        function bytes32ToAddress(bytes32 _b) internal pure returns (address) {
            return address(uint160(uint256(_b)));
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
    
    pragma solidity ^0.8.20;
    
    import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
    import {Initializable} from "../proxy/utils/Initializable.sol";
    
    /**
     * @dev Contract module which provides a basic access control mechanism, where
     * there is an account (an owner) that can be granted exclusive access to
     * specific functions.
     *
     * The initial owner is set to the address provided by the deployer. This can
     * later be changed with {transferOwnership}.
     *
     * This module is used through inheritance. It will make available the modifier
     * `onlyOwner`, which can be applied to your functions to restrict their use to
     * the owner.
     */
    abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
        /// @custom:storage-location erc7201:openzeppelin.storage.Ownable
        struct OwnableStorage {
            address _owner;
        }
    
        // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Ownable")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant OwnableStorageLocation = 0x9016d09d72d40fdae2fd8ceac6b6234c7706214fd39c1cd1e609a0528c199300;
    
        function _getOwnableStorage() private pure returns (OwnableStorage storage $) {
            assembly {
                $.slot := OwnableStorageLocation
            }
        }
    
        /**
         * @dev The caller account is not authorized to perform an operation.
         */
        error OwnableUnauthorizedAccount(address account);
    
        /**
         * @dev The owner is not a valid owner account. (eg. `address(0)`)
         */
        error OwnableInvalidOwner(address owner);
    
        event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    
        /**
         * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
         */
        function __Ownable_init(address initialOwner) internal onlyInitializing {
            __Ownable_init_unchained(initialOwner);
        }
    
        function __Ownable_init_unchained(address initialOwner) internal onlyInitializing {
            if (initialOwner == address(0)) {
                revert OwnableInvalidOwner(address(0));
            }
            _transferOwnership(initialOwner);
        }
    
        /**
         * @dev Throws if called by any account other than the owner.
         */
        modifier onlyOwner() {
            _checkOwner();
            _;
        }
    
        /**
         * @dev Returns the address of the current owner.
         */
        function owner() public view virtual returns (address) {
            OwnableStorage storage $ = _getOwnableStorage();
            return $._owner;
        }
    
        /**
         * @dev Throws if the sender is not the owner.
         */
        function _checkOwner() internal view virtual {
            if (owner() != _msgSender()) {
                revert OwnableUnauthorizedAccount(_msgSender());
            }
        }
    
        /**
         * @dev Leaves the contract without owner. It will not be possible to call
         * `onlyOwner` functions. Can only be called by the current owner.
         *
         * NOTE: Renouncing ownership will leave the contract without an owner,
         * thereby disabling any functionality that is only available to the owner.
         */
        function renounceOwnership() public virtual onlyOwner {
            _transferOwnership(address(0));
        }
    
        /**
         * @dev Transfers ownership of the contract to a new account (`newOwner`).
         * Can only be called by the current owner.
         */
        function transferOwnership(address newOwner) public virtual onlyOwner {
            if (newOwner == address(0)) {
                revert OwnableInvalidOwner(address(0));
            }
            _transferOwnership(newOwner);
        }
    
        /**
         * @dev Transfers ownership of the contract to a new account (`newOwner`).
         * Internal function without access restriction.
         */
        function _transferOwnership(address newOwner) internal virtual {
            OwnableStorage storage $ = _getOwnableStorage();
            address oldOwner = $._owner;
            $._owner = newOwner;
            emit OwnershipTransferred(oldOwner, newOwner);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
     * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
     * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
     * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
     *
     * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
     * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
     * case an upgrade adds a module that needs to be initialized.
     *
     * For example:
     *
     * [.hljs-theme-light.nopadding]
     * ```solidity
     * contract MyToken is ERC20Upgradeable {
     *     function initialize() initializer public {
     *         __ERC20_init("MyToken", "MTK");
     *     }
     * }
     *
     * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
     *     function initializeV2() reinitializer(2) public {
     *         __ERC20Permit_init("MyToken");
     *     }
     * }
     * ```
     *
     * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
     * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
     *
     * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
     * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
     *
     * [CAUTION]
     * ====
     * Avoid leaving a contract uninitialized.
     *
     * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
     * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
     * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
     *
     * [.hljs-theme-light.nopadding]
     * ```
     * /// @custom:oz-upgrades-unsafe-allow constructor
     * constructor() {
     *     _disableInitializers();
     * }
     * ```
     * ====
     */
    abstract contract Initializable {
        /**
         * @dev Storage of the initializable contract.
         *
         * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
         * when using with upgradeable contracts.
         *
         * @custom:storage-location erc7201:openzeppelin.storage.Initializable
         */
        struct InitializableStorage {
            /**
             * @dev Indicates that the contract has been initialized.
             */
            uint64 _initialized;
            /**
             * @dev Indicates that the contract is in the process of being initialized.
             */
            bool _initializing;
        }
    
        // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
    
        /**
         * @dev The contract is already initialized.
         */
        error InvalidInitialization();
    
        /**
         * @dev The contract is not initializing.
         */
        error NotInitializing();
    
        /**
         * @dev Triggered when the contract has been initialized or reinitialized.
         */
        event Initialized(uint64 version);
    
        /**
         * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
         * `onlyInitializing` functions can be used to initialize parent contracts.
         *
         * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
         * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
         * production.
         *
         * Emits an {Initialized} event.
         */
        modifier initializer() {
            // solhint-disable-next-line var-name-mixedcase
            InitializableStorage storage $ = _getInitializableStorage();
    
            // Cache values to avoid duplicated sloads
            bool isTopLevelCall = !$._initializing;
            uint64 initialized = $._initialized;
    
            // Allowed calls:
            // - initialSetup: the contract is not in the initializing state and no previous version was
            //                 initialized
            // - construction: the contract is initialized at version 1 (no reininitialization) and the
            //                 current contract is just being deployed
            bool initialSetup = initialized == 0 && isTopLevelCall;
            bool construction = initialized == 1 && address(this).code.length == 0;
    
            if (!initialSetup && !construction) {
                revert InvalidInitialization();
            }
            $._initialized = 1;
            if (isTopLevelCall) {
                $._initializing = true;
            }
            _;
            if (isTopLevelCall) {
                $._initializing = false;
                emit Initialized(1);
            }
        }
    
        /**
         * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
         * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
         * used to initialize parent contracts.
         *
         * A reinitializer may be used after the original initialization step. This is essential to configure modules that
         * are added through upgrades and that require initialization.
         *
         * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
         * cannot be nested. If one is invoked in the context of another, execution will revert.
         *
         * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
         * a contract, executing them in the right order is up to the developer or operator.
         *
         * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
         *
         * Emits an {Initialized} event.
         */
        modifier reinitializer(uint64 version) {
            // solhint-disable-next-line var-name-mixedcase
            InitializableStorage storage $ = _getInitializableStorage();
    
            if ($._initializing || $._initialized >= version) {
                revert InvalidInitialization();
            }
            $._initialized = version;
            $._initializing = true;
            _;
            $._initializing = false;
            emit Initialized(version);
        }
    
        /**
         * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
         * {initializer} and {reinitializer} modifiers, directly or indirectly.
         */
        modifier onlyInitializing() {
            _checkInitializing();
            _;
        }
    
        /**
         * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
         */
        function _checkInitializing() internal view virtual {
            if (!_isInitializing()) {
                revert NotInitializing();
            }
        }
    
        /**
         * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
         * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
         * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
         * through proxies.
         *
         * Emits an {Initialized} event the first time it is successfully executed.
         */
        function _disableInitializers() internal virtual {
            // solhint-disable-next-line var-name-mixedcase
            InitializableStorage storage $ = _getInitializableStorage();
    
            if ($._initializing) {
                revert InvalidInitialization();
            }
            if ($._initialized != type(uint64).max) {
                $._initialized = type(uint64).max;
                emit Initialized(type(uint64).max);
            }
        }
    
        /**
         * @dev Returns the highest version that has been initialized. See {reinitializer}.
         */
        function _getInitializedVersion() internal view returns (uint64) {
            return _getInitializableStorage()._initialized;
        }
    
        /**
         * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
         */
        function _isInitializing() internal view returns (bool) {
            return _getInitializableStorage()._initializing;
        }
    
        /**
         * @dev Returns a pointer to the storage namespace.
         */
        // solhint-disable-next-line var-name-mixedcase
        function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
            assembly {
                $.slot := INITIALIZABLE_STORAGE
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/UUPSUpgradeable.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC1822Proxiable} from "@openzeppelin/contracts/interfaces/draft-IERC1822.sol";
    import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
    import {Initializable} from "./Initializable.sol";
    
    /**
     * @dev An upgradeability mechanism designed for UUPS proxies. The functions included here can perform an upgrade of an
     * {ERC1967Proxy}, when this contract is set as the implementation behind such a proxy.
     *
     * A security mechanism ensures that an upgrade does not turn off upgradeability accidentally, although this risk is
     * reinstated if the upgrade retains upgradeability but removes the security mechanism, e.g. by replacing
     * `UUPSUpgradeable` with a custom implementation of upgrades.
     *
     * The {_authorizeUpgrade} function must be overridden to include access restriction to the upgrade mechanism.
     */
    abstract contract UUPSUpgradeable is Initializable, IERC1822Proxiable {
        /// @custom:oz-upgrades-unsafe-allow state-variable-immutable
        address private immutable __self = address(this);
    
        /**
         * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgradeTo(address)`
         * and `upgradeToAndCall(address,bytes)` are present, and `upgradeTo` must be used if no function should be called,
         * while `upgradeToAndCall` will invoke the `receive` function if the second argument is the empty byte string.
         * If the getter returns `"5.0.0"`, only `upgradeToAndCall(address,bytes)` is present, and the second argument must
         * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
         * during an upgrade.
         */
        string public constant UPGRADE_INTERFACE_VERSION = "5.0.0";
    
        /**
         * @dev The call is from an unauthorized context.
         */
        error UUPSUnauthorizedCallContext();
    
        /**
         * @dev The storage `slot` is unsupported as a UUID.
         */
        error UUPSUnsupportedProxiableUUID(bytes32 slot);
    
        /**
         * @dev Check that the execution is being performed through a delegatecall call and that the execution context is
         * a proxy contract with an implementation (as defined in ERC1967) pointing to self. This should only be the case
         * for UUPS and transparent proxies that are using the current contract as their implementation. Execution of a
         * function through ERC1167 minimal proxies (clones) would not normally pass this test, but is not guaranteed to
         * fail.
         */
        modifier onlyProxy() {
            _checkProxy();
            _;
        }
    
        /**
         * @dev Check that the execution is not being performed through a delegate call. This allows a function to be
         * callable on the implementing contract but not through proxies.
         */
        modifier notDelegated() {
            _checkNotDelegated();
            _;
        }
    
        function __UUPSUpgradeable_init() internal onlyInitializing {
        }
    
        function __UUPSUpgradeable_init_unchained() internal onlyInitializing {
        }
        /**
         * @dev Implementation of the ERC1822 {proxiableUUID} function. This returns the storage slot used by the
         * implementation. It is used to validate the implementation's compatibility when performing an upgrade.
         *
         * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
         * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
         * function revert if invoked through a proxy. This is guaranteed by the `notDelegated` modifier.
         */
        function proxiableUUID() external view virtual notDelegated returns (bytes32) {
            return ERC1967Utils.IMPLEMENTATION_SLOT;
        }
    
        /**
         * @dev Upgrade the implementation of the proxy to `newImplementation`, and subsequently execute the function call
         * encoded in `data`.
         *
         * Calls {_authorizeUpgrade}.
         *
         * Emits an {Upgraded} event.
         *
         * @custom:oz-upgrades-unsafe-allow-reachable delegatecall
         */
        function upgradeToAndCall(address newImplementation, bytes memory data) public payable virtual onlyProxy {
            _authorizeUpgrade(newImplementation);
            _upgradeToAndCallUUPS(newImplementation, data);
        }
    
        /**
         * @dev Reverts if the execution is not performed via delegatecall or the execution
         * context is not of a proxy with an ERC1967-compliant implementation pointing to self.
         * See {_onlyProxy}.
         */
        function _checkProxy() internal view virtual {
            if (
                address(this) == __self || // Must be called through delegatecall
                ERC1967Utils.getImplementation() != __self // Must be called through an active proxy
            ) {
                revert UUPSUnauthorizedCallContext();
            }
        }
    
        /**
         * @dev Reverts if the execution is performed via delegatecall.
         * See {notDelegated}.
         */
        function _checkNotDelegated() internal view virtual {
            if (address(this) != __self) {
                // Must not be called through delegatecall
                revert UUPSUnauthorizedCallContext();
            }
        }
    
        /**
         * @dev Function that should revert when `msg.sender` is not authorized to upgrade the contract. Called by
         * {upgradeToAndCall}.
         *
         * Normally, this function will use an xref:access.adoc[access control] modifier such as {Ownable-onlyOwner}.
         *
         * ```solidity
         * function _authorizeUpgrade(address) internal onlyOwner {}
         * ```
         */
        function _authorizeUpgrade(address newImplementation) internal virtual;
    
        /**
         * @dev Performs an implementation upgrade with a security check for UUPS proxies, and additional setup call.
         *
         * As a security check, {proxiableUUID} is invoked in the new implementation, and the return value
         * is expected to be the implementation slot in ERC1967.
         *
         * Emits an {IERC1967-Upgraded} event.
         */
        function _upgradeToAndCallUUPS(address newImplementation, bytes memory data) private {
            try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
                if (slot != ERC1967Utils.IMPLEMENTATION_SLOT) {
                    revert UUPSUnsupportedProxiableUUID(slot);
                }
                ERC1967Utils.upgradeToAndCall(newImplementation, data);
            } catch {
                // The implementation is not UUPS
                revert ERC1967Utils.ERC1967InvalidImplementation(newImplementation);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/ERC721.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC721} from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
    import {IERC721Receiver} from "@openzeppelin/contracts/token/ERC721/IERC721Receiver.sol";
    import {IERC721Metadata} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Metadata.sol";
    import {ContextUpgradeable} from "../../utils/ContextUpgradeable.sol";
    import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
    import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
    import {ERC165Upgradeable} from "../../utils/introspection/ERC165Upgradeable.sol";
    import {IERC721Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
    import {Initializable} from "../../proxy/utils/Initializable.sol";
    
    /**
     * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
     * the Metadata extension, but not including the Enumerable extension, which is available separately as
     * {ERC721Enumerable}.
     */
    abstract contract ERC721Upgradeable is Initializable, ContextUpgradeable, ERC165Upgradeable, IERC721, IERC721Metadata, IERC721Errors {
        using Strings for uint256;
    
        /// @custom:storage-location erc7201:openzeppelin.storage.ERC721
        struct ERC721Storage {
            // Token name
            string _name;
    
            // Token symbol
            string _symbol;
    
            mapping(uint256 tokenId => address) _owners;
    
            mapping(address owner => uint256) _balances;
    
            mapping(uint256 tokenId => address) _tokenApprovals;
    
            mapping(address owner => mapping(address operator => bool)) _operatorApprovals;
        }
    
        // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC721")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant ERC721StorageLocation = 0x80bb2b638cc20bc4d0a60d66940f3ab4a00c1d7b313497ca82fb0b4ab0079300;
    
        function _getERC721Storage() private pure returns (ERC721Storage storage $) {
            assembly {
                $.slot := ERC721StorageLocation
            }
        }
    
        /**
         * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
         */
        function __ERC721_init(string memory name_, string memory symbol_) internal onlyInitializing {
            __ERC721_init_unchained(name_, symbol_);
        }
    
        function __ERC721_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
            ERC721Storage storage $ = _getERC721Storage();
            $._name = name_;
            $._symbol = symbol_;
        }
    
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165Upgradeable, IERC165) returns (bool) {
            return
                interfaceId == type(IERC721).interfaceId ||
                interfaceId == type(IERC721Metadata).interfaceId ||
                super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721-balanceOf}.
         */
        function balanceOf(address owner) public view virtual returns (uint256) {
            ERC721Storage storage $ = _getERC721Storage();
            if (owner == address(0)) {
                revert ERC721InvalidOwner(address(0));
            }
            return $._balances[owner];
        }
    
        /**
         * @dev See {IERC721-ownerOf}.
         */
        function ownerOf(uint256 tokenId) public view virtual returns (address) {
            return _requireOwned(tokenId);
        }
    
        /**
         * @dev See {IERC721Metadata-name}.
         */
        function name() public view virtual returns (string memory) {
            ERC721Storage storage $ = _getERC721Storage();
            return $._name;
        }
    
        /**
         * @dev See {IERC721Metadata-symbol}.
         */
        function symbol() public view virtual returns (string memory) {
            ERC721Storage storage $ = _getERC721Storage();
            return $._symbol;
        }
    
        /**
         * @dev See {IERC721Metadata-tokenURI}.
         */
        function tokenURI(uint256 tokenId) public view virtual returns (string memory) {
            _requireOwned(tokenId);
    
            string memory baseURI = _baseURI();
            return bytes(baseURI).length > 0 ? string.concat(baseURI, tokenId.toString()) : "";
        }
    
        /**
         * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
         * token will be the concatenation of the `baseURI` and the `tokenId`. Empty
         * by default, can be overridden in child contracts.
         */
        function _baseURI() internal view virtual returns (string memory) {
            return "";
        }
    
        /**
         * @dev See {IERC721-approve}.
         */
        function approve(address to, uint256 tokenId) public virtual {
            _approve(to, tokenId, _msgSender());
        }
    
        /**
         * @dev See {IERC721-getApproved}.
         */
        function getApproved(uint256 tokenId) public view virtual returns (address) {
            _requireOwned(tokenId);
    
            return _getApproved(tokenId);
        }
    
        /**
         * @dev See {IERC721-setApprovalForAll}.
         */
        function setApprovalForAll(address operator, bool approved) public virtual {
            _setApprovalForAll(_msgSender(), operator, approved);
        }
    
        /**
         * @dev See {IERC721-isApprovedForAll}.
         */
        function isApprovedForAll(address owner, address operator) public view virtual returns (bool) {
            ERC721Storage storage $ = _getERC721Storage();
            return $._operatorApprovals[owner][operator];
        }
    
        /**
         * @dev See {IERC721-transferFrom}.
         */
        function transferFrom(address from, address to, uint256 tokenId) public virtual {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists
            // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here.
            address previousOwner = _update(to, tokenId, _msgSender());
            if (previousOwner != from) {
                revert ERC721IncorrectOwner(from, tokenId, previousOwner);
            }
        }
    
        /**
         * @dev See {IERC721-safeTransferFrom}.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId) public {
            safeTransferFrom(from, to, tokenId, "");
        }
    
        /**
         * @dev See {IERC721-safeTransferFrom}.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual {
            transferFrom(from, to, tokenId);
            _checkOnERC721Received(from, to, tokenId, data);
        }
    
        /**
         * @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist
         *
         * IMPORTANT: Any overrides to this function that add ownership of tokens not tracked by the
         * core ERC721 logic MUST be matched with the use of {_increaseBalance} to keep balances
         * consistent with ownership. The invariant to preserve is that for any address `a` the value returned by
         * `balanceOf(a)` must be equal to the number of tokens such that `_ownerOf(tokenId)` is `a`.
         */
        function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
            ERC721Storage storage $ = _getERC721Storage();
            return $._owners[tokenId];
        }
    
        /**
         * @dev Returns the approved address for `tokenId`. Returns 0 if `tokenId` is not minted.
         */
        function _getApproved(uint256 tokenId) internal view virtual returns (address) {
            ERC721Storage storage $ = _getERC721Storage();
            return $._tokenApprovals[tokenId];
        }
    
        /**
         * @dev Returns whether `spender` is allowed to manage `owner`'s tokens, or `tokenId` in
         * particular (ignoring whether it is owned by `owner`).
         *
         * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
         * assumption.
         */
        function _isAuthorized(address owner, address spender, uint256 tokenId) internal view virtual returns (bool) {
            return
                spender != address(0) &&
                (owner == spender || isApprovedForAll(owner, spender) || _getApproved(tokenId) == spender);
        }
    
        /**
         * @dev Checks if `spender` can operate on `tokenId`, assuming the provided `owner` is the actual owner.
         * Reverts if `spender` does not have approval from the provided `owner` for the given token or for all its assets
         * the `spender` for the specific `tokenId`.
         *
         * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
         * assumption.
         */
        function _checkAuthorized(address owner, address spender, uint256 tokenId) internal view virtual {
            if (!_isAuthorized(owner, spender, tokenId)) {
                if (owner == address(0)) {
                    revert ERC721NonexistentToken(tokenId);
                } else {
                    revert ERC721InsufficientApproval(spender, tokenId);
                }
            }
        }
    
        /**
         * @dev Unsafe write access to the balances, used by extensions that "mint" tokens using an {ownerOf} override.
         *
         * NOTE: the value is limited to type(uint128).max. This protect against _balance overflow. It is unrealistic that
         * a uint256 would ever overflow from increments when these increments are bounded to uint128 values.
         *
         * WARNING: Increasing an account's balance using this function tends to be paired with an override of the
         * {_ownerOf} function to resolve the ownership of the corresponding tokens so that balances and ownership
         * remain consistent with one another.
         */
        function _increaseBalance(address account, uint128 value) internal virtual {
            ERC721Storage storage $ = _getERC721Storage();
            unchecked {
                $._balances[account] += value;
            }
        }
    
        /**
         * @dev Transfers `tokenId` from its current owner to `to`, or alternatively mints (or burns) if the current owner
         * (or `to`) is the zero address. Returns the owner of the `tokenId` before the update.
         *
         * The `auth` argument is optional. If the value passed is non 0, then this function will check that
         * `auth` is either the owner of the token, or approved to operate on the token (by the owner).
         *
         * Emits a {Transfer} event.
         *
         * NOTE: If overriding this function in a way that tracks balances, see also {_increaseBalance}.
         */
        function _update(address to, uint256 tokenId, address auth) internal virtual returns (address) {
            ERC721Storage storage $ = _getERC721Storage();
            address from = _ownerOf(tokenId);
    
            // Perform (optional) operator check
            if (auth != address(0)) {
                _checkAuthorized(from, auth, tokenId);
            }
    
            // Execute the update
            if (from != address(0)) {
                // Clear approval. No need to re-authorize or emit the Approval event
                _approve(address(0), tokenId, address(0), false);
    
                unchecked {
                    $._balances[from] -= 1;
                }
            }
    
            if (to != address(0)) {
                unchecked {
                    $._balances[to] += 1;
                }
            }
    
            $._owners[tokenId] = to;
    
            emit Transfer(from, to, tokenId);
    
            return from;
        }
    
        /**
         * @dev Mints `tokenId` and transfers it to `to`.
         *
         * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible
         *
         * Requirements:
         *
         * - `tokenId` must not exist.
         * - `to` cannot be the zero address.
         *
         * Emits a {Transfer} event.
         */
        function _mint(address to, uint256 tokenId) internal {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            address previousOwner = _update(to, tokenId, address(0));
            if (previousOwner != address(0)) {
                revert ERC721InvalidSender(address(0));
            }
        }
    
        /**
         * @dev Mints `tokenId`, transfers it to `to` and checks for `to` acceptance.
         *
         * Requirements:
         *
         * - `tokenId` must not exist.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function _safeMint(address to, uint256 tokenId) internal {
            _safeMint(to, tokenId, "");
        }
    
        /**
         * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
         * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
         */
        function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
            _mint(to, tokenId);
            _checkOnERC721Received(address(0), to, tokenId, data);
        }
    
        /**
         * @dev Destroys `tokenId`.
         * The approval is cleared when the token is burned.
         * This is an internal function that does not check if the sender is authorized to operate on the token.
         *
         * Requirements:
         *
         * - `tokenId` must exist.
         *
         * Emits a {Transfer} event.
         */
        function _burn(uint256 tokenId) internal {
            address previousOwner = _update(address(0), tokenId, address(0));
            if (previousOwner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            }
        }
    
        /**
         * @dev Transfers `tokenId` from `from` to `to`.
         *  As opposed to {transferFrom}, this imposes no restrictions on msg.sender.
         *
         * Requirements:
         *
         * - `to` cannot be the zero address.
         * - `tokenId` token must be owned by `from`.
         *
         * Emits a {Transfer} event.
         */
        function _transfer(address from, address to, uint256 tokenId) internal {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            address previousOwner = _update(to, tokenId, address(0));
            if (previousOwner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            } else if (previousOwner != from) {
                revert ERC721IncorrectOwner(from, tokenId, previousOwner);
            }
        }
    
        /**
         * @dev Safely transfers `tokenId` token from `from` to `to`, checking that contract recipients
         * are aware of the ERC721 standard to prevent tokens from being forever locked.
         *
         * `data` is additional data, it has no specified format and it is sent in call to `to`.
         *
         * This internal function is like {safeTransferFrom} in the sense that it invokes
         * {IERC721Receiver-onERC721Received} on the receiver, and can be used to e.g.
         * implement alternative mechanisms to perform token transfer, such as signature-based.
         *
         * Requirements:
         *
         * - `tokenId` token must exist and be owned by `from`.
         * - `to` cannot be the zero address.
         * - `from` cannot be the zero address.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function _safeTransfer(address from, address to, uint256 tokenId) internal {
            _safeTransfer(from, to, tokenId, "");
        }
    
        /**
         * @dev Same as {xref-ERC721-_safeTransfer-address-address-uint256-}[`_safeTransfer`], with an additional `data` parameter which is
         * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
         */
        function _safeTransfer(address from, address to, uint256 tokenId, bytes memory data) internal virtual {
            _transfer(from, to, tokenId);
            _checkOnERC721Received(from, to, tokenId, data);
        }
    
        /**
         * @dev Approve `to` to operate on `tokenId`
         *
         * The `auth` argument is optional. If the value passed is non 0, then this function will check that `auth` is
         * either the owner of the token, or approved to operate on all tokens held by this owner.
         *
         * Emits an {Approval} event.
         *
         * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
         */
        function _approve(address to, uint256 tokenId, address auth) internal {
            _approve(to, tokenId, auth, true);
        }
    
        /**
         * @dev Variant of `_approve` with an optional flag to enable or disable the {Approval} event. The event is not
         * emitted in the context of transfers.
         */
        function _approve(address to, uint256 tokenId, address auth, bool emitEvent) internal virtual {
            ERC721Storage storage $ = _getERC721Storage();
            // Avoid reading the owner unless necessary
            if (emitEvent || auth != address(0)) {
                address owner = _requireOwned(tokenId);
    
                // We do not use _isAuthorized because single-token approvals should not be able to call approve
                if (auth != address(0) && owner != auth && !isApprovedForAll(owner, auth)) {
                    revert ERC721InvalidApprover(auth);
                }
    
                if (emitEvent) {
                    emit Approval(owner, to, tokenId);
                }
            }
    
            $._tokenApprovals[tokenId] = to;
        }
    
        /**
         * @dev Approve `operator` to operate on all of `owner` tokens
         *
         * Requirements:
         * - operator can't be the address zero.
         *
         * Emits an {ApprovalForAll} event.
         */
        function _setApprovalForAll(address owner, address operator, bool approved) internal virtual {
            ERC721Storage storage $ = _getERC721Storage();
            if (operator == address(0)) {
                revert ERC721InvalidOperator(operator);
            }
            $._operatorApprovals[owner][operator] = approved;
            emit ApprovalForAll(owner, operator, approved);
        }
    
        /**
         * @dev Reverts if the `tokenId` doesn't have a current owner (it hasn't been minted, or it has been burned).
         * Returns the owner.
         *
         * Overrides to ownership logic should be done to {_ownerOf}.
         */
        function _requireOwned(uint256 tokenId) internal view returns (address) {
            address owner = _ownerOf(tokenId);
            if (owner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            }
            return owner;
        }
    
        /**
         * @dev Private function to invoke {IERC721Receiver-onERC721Received} on a target address. This will revert if the
         * recipient doesn't accept the token transfer. The call is not executed if the target address is not a contract.
         *
         * @param from address representing the previous owner of the given token ID
         * @param to target address that will receive the tokens
         * @param tokenId uint256 ID of the token to be transferred
         * @param data bytes optional data to send along with the call
         */
        function _checkOnERC721Received(address from, address to, uint256 tokenId, bytes memory data) private {
            if (to.code.length > 0) {
                try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) {
                    if (retval != IERC721Receiver.onERC721Received.selector) {
                        revert ERC721InvalidReceiver(to);
                    }
                } catch (bytes memory reason) {
                    if (reason.length == 0) {
                        revert ERC721InvalidReceiver(to);
                    } else {
                        /// @solidity memory-safe-assembly
                        assembly {
                            revert(add(32, reason), mload(reason))
                        }
                    }
                }
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Enumerable.sol)
    
    pragma solidity ^0.8.20;
    
    import {ERC721Upgradeable} from "../ERC721Upgradeable.sol";
    import {IERC721Enumerable} from "@openzeppelin/contracts/token/ERC721/extensions/IERC721Enumerable.sol";
    import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
    import {Initializable} from "../../../proxy/utils/Initializable.sol";
    
    /**
     * @dev This implements an optional extension of {ERC721} defined in the EIP that adds enumerability
     * of all the token ids in the contract as well as all token ids owned by each account.
     *
     * CAUTION: `ERC721` extensions that implement custom `balanceOf` logic, such as `ERC721Consecutive`,
     * interfere with enumerability and should not be used together with `ERC721Enumerable`.
     */
    abstract contract ERC721EnumerableUpgradeable is Initializable, ERC721Upgradeable, IERC721Enumerable {
        /// @custom:storage-location erc7201:openzeppelin.storage.ERC721Enumerable
        struct ERC721EnumerableStorage {
            mapping(address owner => mapping(uint256 index => uint256)) _ownedTokens;
            mapping(uint256 tokenId => uint256) _ownedTokensIndex;
    
            uint256[] _allTokens;
            mapping(uint256 tokenId => uint256) _allTokensIndex;
        }
    
        // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC721Enumerable")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant ERC721EnumerableStorageLocation = 0x645e039705490088daad89bae25049a34f4a9072d398537b1ab2425f24cbed00;
    
        function _getERC721EnumerableStorage() private pure returns (ERC721EnumerableStorage storage $) {
            assembly {
                $.slot := ERC721EnumerableStorageLocation
            }
        }
    
        /**
         * @dev An `owner`'s token query was out of bounds for `index`.
         *
         * NOTE: The owner being `address(0)` indicates a global out of bounds index.
         */
        error ERC721OutOfBoundsIndex(address owner, uint256 index);
    
        /**
         * @dev Batch mint is not allowed.
         */
        error ERC721EnumerableForbiddenBatchMint();
    
        function __ERC721Enumerable_init() internal onlyInitializing {
        }
    
        function __ERC721Enumerable_init_unchained() internal onlyInitializing {
        }
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC721Upgradeable) returns (bool) {
            return interfaceId == type(IERC721Enumerable).interfaceId || super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721Enumerable-tokenOfOwnerByIndex}.
         */
        function tokenOfOwnerByIndex(address owner, uint256 index) public view virtual returns (uint256) {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            if (index >= balanceOf(owner)) {
                revert ERC721OutOfBoundsIndex(owner, index);
            }
            return $._ownedTokens[owner][index];
        }
    
        /**
         * @dev See {IERC721Enumerable-totalSupply}.
         */
        function totalSupply() public view virtual returns (uint256) {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            return $._allTokens.length;
        }
    
        /**
         * @dev See {IERC721Enumerable-tokenByIndex}.
         */
        function tokenByIndex(uint256 index) public view virtual returns (uint256) {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            if (index >= totalSupply()) {
                revert ERC721OutOfBoundsIndex(address(0), index);
            }
            return $._allTokens[index];
        }
    
        /**
         * @dev See {ERC721-_update}.
         */
        function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {
            address previousOwner = super._update(to, tokenId, auth);
    
            if (previousOwner == address(0)) {
                _addTokenToAllTokensEnumeration(tokenId);
            } else if (previousOwner != to) {
                _removeTokenFromOwnerEnumeration(previousOwner, tokenId);
            }
            if (to == address(0)) {
                _removeTokenFromAllTokensEnumeration(tokenId);
            } else if (previousOwner != to) {
                _addTokenToOwnerEnumeration(to, tokenId);
            }
    
            return previousOwner;
        }
    
        /**
         * @dev Private function to add a token to this extension's ownership-tracking data structures.
         * @param to address representing the new owner of the given token ID
         * @param tokenId uint256 ID of the token to be added to the tokens list of the given address
         */
        function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            uint256 length = balanceOf(to) - 1;
            $._ownedTokens[to][length] = tokenId;
            $._ownedTokensIndex[tokenId] = length;
        }
    
        /**
         * @dev Private function to add a token to this extension's token tracking data structures.
         * @param tokenId uint256 ID of the token to be added to the tokens list
         */
        function _addTokenToAllTokensEnumeration(uint256 tokenId) private {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            $._allTokensIndex[tokenId] = $._allTokens.length;
            $._allTokens.push(tokenId);
        }
    
        /**
         * @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that
         * while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for
         * gas optimizations e.g. when performing a transfer operation (avoiding double writes).
         * This has O(1) time complexity, but alters the order of the _ownedTokens array.
         * @param from address representing the previous owner of the given token ID
         * @param tokenId uint256 ID of the token to be removed from the tokens list of the given address
         */
        function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            // To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and
            // then delete the last slot (swap and pop).
    
            uint256 lastTokenIndex = balanceOf(from);
            uint256 tokenIndex = $._ownedTokensIndex[tokenId];
    
            // When the token to delete is the last token, the swap operation is unnecessary
            if (tokenIndex != lastTokenIndex) {
                uint256 lastTokenId = $._ownedTokens[from][lastTokenIndex];
    
                $._ownedTokens[from][tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
                $._ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
            }
    
            // This also deletes the contents at the last position of the array
            delete $._ownedTokensIndex[tokenId];
            delete $._ownedTokens[from][lastTokenIndex];
        }
    
        /**
         * @dev Private function to remove a token from this extension's token tracking data structures.
         * This has O(1) time complexity, but alters the order of the _allTokens array.
         * @param tokenId uint256 ID of the token to be removed from the tokens list
         */
        function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private {
            ERC721EnumerableStorage storage $ = _getERC721EnumerableStorage();
            // To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and
            // then delete the last slot (swap and pop).
    
            uint256 lastTokenIndex = $._allTokens.length - 1;
            uint256 tokenIndex = $._allTokensIndex[tokenId];
    
            // When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so
            // rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding
            // an 'if' statement (like in _removeTokenFromOwnerEnumeration)
            uint256 lastTokenId = $._allTokens[lastTokenIndex];
    
            $._allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
            $._allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
    
            // This also deletes the contents at the last position of the array
            delete $._allTokensIndex[tokenId];
            $._allTokens.pop();
        }
    
        /**
         * See {ERC721-_increaseBalance}. We need that to account tokens that were minted in batch
         */
        function _increaseBalance(address account, uint128 amount) internal virtual override {
            if (amount > 0) {
                revert ERC721EnumerableForbiddenBatchMint();
            }
            super._increaseBalance(account, amount);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721URIStorage.sol)
    
    pragma solidity ^0.8.20;
    
    import {ERC721Upgradeable} from "../ERC721Upgradeable.sol";
    import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
    import {IERC4906} from "@openzeppelin/contracts/interfaces/IERC4906.sol";
    import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
    import {Initializable} from "../../../proxy/utils/Initializable.sol";
    
    /**
     * @dev ERC721 token with storage based token URI management.
     */
    abstract contract ERC721URIStorageUpgradeable is Initializable, IERC4906, ERC721Upgradeable {
        using Strings for uint256;
    
        // Interface ID as defined in ERC-4906. This does not correspond to a traditional interface ID as ERC-4906 only
        // defines events and does not include any external function.
        bytes4 private constant ERC4906_INTERFACE_ID = bytes4(0x49064906);
    
        /// @custom:storage-location erc7201:openzeppelin.storage.ERC721URIStorage
        struct ERC721URIStorageStorage {
            // Optional mapping for token URIs
            mapping(uint256 tokenId => string) _tokenURIs;
        }
    
        // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC721URIStorage")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant ERC721URIStorageStorageLocation = 0x0542a41881ee128a365a727b282c86fa859579490b9bb45aab8503648c8e7900;
    
        function _getERC721URIStorageStorage() private pure returns (ERC721URIStorageStorage storage $) {
            assembly {
                $.slot := ERC721URIStorageStorageLocation
            }
        }
    
        function __ERC721URIStorage_init() internal onlyInitializing {
        }
    
        function __ERC721URIStorage_init_unchained() internal onlyInitializing {
        }
        /**
         * @dev See {IERC165-supportsInterface}
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(ERC721Upgradeable, IERC165) returns (bool) {
            return interfaceId == ERC4906_INTERFACE_ID || super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721Metadata-tokenURI}.
         */
        function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
            ERC721URIStorageStorage storage $ = _getERC721URIStorageStorage();
            _requireOwned(tokenId);
    
            string memory _tokenURI = $._tokenURIs[tokenId];
            string memory base = _baseURI();
    
            // If there is no base URI, return the token URI.
            if (bytes(base).length == 0) {
                return _tokenURI;
            }
            // If both are set, concatenate the baseURI and tokenURI (via string.concat).
            if (bytes(_tokenURI).length > 0) {
                return string.concat(base, _tokenURI);
            }
    
            return super.tokenURI(tokenId);
        }
    
        /**
         * @dev Sets `_tokenURI` as the tokenURI of `tokenId`.
         *
         * Emits {MetadataUpdate}.
         */
        function _setTokenURI(uint256 tokenId, string memory _tokenURI) internal virtual {
            ERC721URIStorageStorage storage $ = _getERC721URIStorageStorage();
            $._tokenURIs[tokenId] = _tokenURI;
            emit MetadataUpdate(tokenId);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
    
    pragma solidity ^0.8.20;
    import {Initializable} from "../proxy/utils/Initializable.sol";
    
    /**
     * @dev Provides information about the current execution context, including the
     * sender of the transaction and its data. While these are generally available
     * via msg.sender and msg.data, they should not be accessed in such a direct
     * manner, since when dealing with meta-transactions the account sending and
     * paying for execution may not be the actual sender (as far as an application
     * is concerned).
     *
     * This contract is only required for intermediate, library-like contracts.
     */
    abstract contract ContextUpgradeable is Initializable {
        function __Context_init() internal onlyInitializing {
        }
    
        function __Context_init_unchained() internal onlyInitializing {
        }
        function _msgSender() internal view virtual returns (address) {
            return msg.sender;
        }
    
        function _msgData() internal view virtual returns (bytes calldata) {
            return msg.data;
        }
    
        function _contextSuffixLength() internal view virtual returns (uint256) {
            return 0;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
    import {Initializable} from "../../proxy/utils/Initializable.sol";
    
    /**
     * @dev Implementation of the {IERC165} interface.
     *
     * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
     * for the additional interface id that will be supported. For example:
     *
     * ```solidity
     * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
     *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
     * }
     * ```
     */
    abstract contract ERC165Upgradeable is Initializable, IERC165 {
        function __ERC165_init() internal onlyInitializing {
        }
    
        function __ERC165_init_unchained() internal onlyInitializing {
        }
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
            return interfaceId == type(IERC165).interfaceId;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
    
    pragma solidity ^0.8.20;
    
    import {IAccessControl} from "./IAccessControl.sol";
    import {Context} from "../utils/Context.sol";
    import {ERC165} from "../utils/introspection/ERC165.sol";
    
    /**
     * @dev Contract module that allows children to implement role-based access
     * control mechanisms. This is a lightweight version that doesn't allow enumerating role
     * members except through off-chain means by accessing the contract event logs. Some
     * applications may benefit from on-chain enumerability, for those cases see
     * {AccessControlEnumerable}.
     *
     * Roles are referred to by their `bytes32` identifier. These should be exposed
     * in the external API and be unique. The best way to achieve this is by
     * using `public constant` hash digests:
     *
     * ```solidity
     * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
     * ```
     *
     * Roles can be used to represent a set of permissions. To restrict access to a
     * function call, use {hasRole}:
     *
     * ```solidity
     * function foo() public {
     *     require(hasRole(MY_ROLE, msg.sender));
     *     ...
     * }
     * ```
     *
     * Roles can be granted and revoked dynamically via the {grantRole} and
     * {revokeRole} functions. Each role has an associated admin role, and only
     * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
     *
     * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
     * that only accounts with this role will be able to grant or revoke other
     * roles. More complex role relationships can be created by using
     * {_setRoleAdmin}.
     *
     * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
     * grant and revoke this role. Extra precautions should be taken to secure
     * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
     * to enforce additional security measures for this role.
     */
    abstract contract AccessControl is Context, IAccessControl, ERC165 {
        struct RoleData {
            mapping(address account => bool) hasRole;
            bytes32 adminRole;
        }
    
        mapping(bytes32 role => RoleData) private _roles;
    
        bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
    
        /**
         * @dev Modifier that checks that an account has a specific role. Reverts
         * with an {AccessControlUnauthorizedAccount} error including the required role.
         */
        modifier onlyRole(bytes32 role) {
            _checkRole(role);
            _;
        }
    
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
            return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev Returns `true` if `account` has been granted `role`.
         */
        function hasRole(bytes32 role, address account) public view virtual returns (bool) {
            return _roles[role].hasRole[account];
        }
    
        /**
         * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
         * is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
         */
        function _checkRole(bytes32 role) internal view virtual {
            _checkRole(role, _msgSender());
        }
    
        /**
         * @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
         * is missing `role`.
         */
        function _checkRole(bytes32 role, address account) internal view virtual {
            if (!hasRole(role, account)) {
                revert AccessControlUnauthorizedAccount(account, role);
            }
        }
    
        /**
         * @dev Returns the admin role that controls `role`. See {grantRole} and
         * {revokeRole}.
         *
         * To change a role's admin, use {_setRoleAdmin}.
         */
        function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
            return _roles[role].adminRole;
        }
    
        /**
         * @dev Grants `role` to `account`.
         *
         * If `account` had not been already granted `role`, emits a {RoleGranted}
         * event.
         *
         * Requirements:
         *
         * - the caller must have ``role``'s admin role.
         *
         * May emit a {RoleGranted} event.
         */
        function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
            _grantRole(role, account);
        }
    
        /**
         * @dev Revokes `role` from `account`.
         *
         * If `account` had been granted `role`, emits a {RoleRevoked} event.
         *
         * Requirements:
         *
         * - the caller must have ``role``'s admin role.
         *
         * May emit a {RoleRevoked} event.
         */
        function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
            _revokeRole(role, account);
        }
    
        /**
         * @dev Revokes `role` from the calling account.
         *
         * Roles are often managed via {grantRole} and {revokeRole}: this function's
         * purpose is to provide a mechanism for accounts to lose their privileges
         * if they are compromised (such as when a trusted device is misplaced).
         *
         * If the calling account had been revoked `role`, emits a {RoleRevoked}
         * event.
         *
         * Requirements:
         *
         * - the caller must be `callerConfirmation`.
         *
         * May emit a {RoleRevoked} event.
         */
        function renounceRole(bytes32 role, address callerConfirmation) public virtual {
            if (callerConfirmation != _msgSender()) {
                revert AccessControlBadConfirmation();
            }
    
            _revokeRole(role, callerConfirmation);
        }
    
        /**
         * @dev Sets `adminRole` as ``role``'s admin role.
         *
         * Emits a {RoleAdminChanged} event.
         */
        function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
            bytes32 previousAdminRole = getRoleAdmin(role);
            _roles[role].adminRole = adminRole;
            emit RoleAdminChanged(role, previousAdminRole, adminRole);
        }
    
        /**
         * @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
         *
         * Internal function without access restriction.
         *
         * May emit a {RoleGranted} event.
         */
        function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
            if (!hasRole(role, account)) {
                _roles[role].hasRole[account] = true;
                emit RoleGranted(role, account, _msgSender());
                return true;
            } else {
                return false;
            }
        }
    
        /**
         * @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
         *
         * Internal function without access restriction.
         *
         * May emit a {RoleRevoked} event.
         */
        function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
            if (hasRole(role, account)) {
                _roles[role].hasRole[account] = false;
                emit RoleRevoked(role, account, _msgSender());
                return true;
            } else {
                return false;
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (access/IAccessControl.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev External interface of AccessControl declared to support ERC165 detection.
     */
    interface IAccessControl {
        /**
         * @dev The `account` is missing a role.
         */
        error AccessControlUnauthorizedAccount(address account, bytes32 neededRole);
    
        /**
         * @dev The caller of a function is not the expected one.
         *
         * NOTE: Don't confuse with {AccessControlUnauthorizedAccount}.
         */
        error AccessControlBadConfirmation();
    
        /**
         * @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
         *
         * `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
         * {RoleAdminChanged} not being emitted signaling this.
         */
        event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
    
        /**
         * @dev Emitted when `account` is granted `role`.
         *
         * `sender` is the account that originated the contract call, an admin role
         * bearer except when using {AccessControl-_setupRole}.
         */
        event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
    
        /**
         * @dev Emitted when `account` is revoked `role`.
         *
         * `sender` is the account that originated the contract call:
         *   - if using `revokeRole`, it is the admin role bearer
         *   - if using `renounceRole`, it is the role bearer (i.e. `account`)
         */
        event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
    
        /**
         * @dev Returns `true` if `account` has been granted `role`.
         */
        function hasRole(bytes32 role, address account) external view returns (bool);
    
        /**
         * @dev Returns the admin role that controls `role`. See {grantRole} and
         * {revokeRole}.
         *
         * To change a role's admin, use {AccessControl-_setRoleAdmin}.
         */
        function getRoleAdmin(bytes32 role) external view returns (bytes32);
    
        /**
         * @dev Grants `role` to `account`.
         *
         * If `account` had not been already granted `role`, emits a {RoleGranted}
         * event.
         *
         * Requirements:
         *
         * - the caller must have ``role``'s admin role.
         */
        function grantRole(bytes32 role, address account) external;
    
        /**
         * @dev Revokes `role` from `account`.
         *
         * If `account` had been granted `role`, emits a {RoleRevoked} event.
         *
         * Requirements:
         *
         * - the caller must have ``role``'s admin role.
         */
        function revokeRole(bytes32 role, address account) external;
    
        /**
         * @dev Revokes `role` from the calling account.
         *
         * Roles are often managed via {grantRole} and {revokeRole}: this function's
         * purpose is to provide a mechanism for accounts to lose their privileges
         * if they are compromised (such as when a trusted device is misplaced).
         *
         * If the calling account had been granted `role`, emits a {RoleRevoked}
         * event.
         *
         * Requirements:
         *
         * - the caller must be `callerConfirmation`.
         */
        function renounceRole(bytes32 role, address callerConfirmation) external;
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)
    
    pragma solidity ^0.8.20;
    
    import {Context} from "../utils/Context.sol";
    
    /**
     * @dev Contract module which provides a basic access control mechanism, where
     * there is an account (an owner) that can be granted exclusive access to
     * specific functions.
     *
     * The initial owner is set to the address provided by the deployer. This can
     * later be changed with {transferOwnership}.
     *
     * This module is used through inheritance. It will make available the modifier
     * `onlyOwner`, which can be applied to your functions to restrict their use to
     * the owner.
     */
    abstract contract Ownable is Context {
        address private _owner;
    
        /**
         * @dev The caller account is not authorized to perform an operation.
         */
        error OwnableUnauthorizedAccount(address account);
    
        /**
         * @dev The owner is not a valid owner account. (eg. `address(0)`)
         */
        error OwnableInvalidOwner(address owner);
    
        event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    
        /**
         * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
         */
        constructor(address initialOwner) {
            if (initialOwner == address(0)) {
                revert OwnableInvalidOwner(address(0));
            }
            _transferOwnership(initialOwner);
        }
    
        /**
         * @dev Throws if called by any account other than the owner.
         */
        modifier onlyOwner() {
            _checkOwner();
            _;
        }
    
        /**
         * @dev Returns the address of the current owner.
         */
        function owner() public view virtual returns (address) {
            return _owner;
        }
    
        /**
         * @dev Throws if the sender is not the owner.
         */
        function _checkOwner() internal view virtual {
            if (owner() != _msgSender()) {
                revert OwnableUnauthorizedAccount(_msgSender());
            }
        }
    
        /**
         * @dev Leaves the contract without owner. It will not be possible to call
         * `onlyOwner` functions. Can only be called by the current owner.
         *
         * NOTE: Renouncing ownership will leave the contract without an owner,
         * thereby disabling any functionality that is only available to the owner.
         */
        function renounceOwnership() public virtual onlyOwner {
            _transferOwnership(address(0));
        }
    
        /**
         * @dev Transfers ownership of the contract to a new account (`newOwner`).
         * Can only be called by the current owner.
         */
        function transferOwnership(address newOwner) public virtual onlyOwner {
            if (newOwner == address(0)) {
                revert OwnableInvalidOwner(address(0));
            }
            _transferOwnership(newOwner);
        }
    
        /**
         * @dev Transfers ownership of the contract to a new account (`newOwner`).
         * Internal function without access restriction.
         */
        function _transferOwnership(address newOwner) internal virtual {
            address oldOwner = _owner;
            _owner = newOwner;
            emit OwnershipTransferred(oldOwner, newOwner);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC1822.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
     * proxy whose upgrades are fully controlled by the current implementation.
     */
    interface IERC1822Proxiable {
        /**
         * @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
         * address.
         *
         * IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
         * bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
         * function revert if invoked through a proxy.
         */
        function proxiableUUID() external view returns (bytes32);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/draft-IERC6093.sol)
    pragma solidity ^0.8.20;
    
    /**
     * @dev Standard ERC20 Errors
     * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC20 tokens.
     */
    interface IERC20Errors {
        /**
         * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         * @param balance Current balance for the interacting account.
         * @param needed Minimum amount required to perform a transfer.
         */
        error ERC20InsufficientBalance(address sender, uint256 balance, uint256 needed);
    
        /**
         * @dev Indicates a failure with the token `sender`. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         */
        error ERC20InvalidSender(address sender);
    
        /**
         * @dev Indicates a failure with the token `receiver`. Used in transfers.
         * @param receiver Address to which tokens are being transferred.
         */
        error ERC20InvalidReceiver(address receiver);
    
        /**
         * @dev Indicates a failure with the `spender`’s `allowance`. Used in transfers.
         * @param spender Address that may be allowed to operate on tokens without being their owner.
         * @param allowance Amount of tokens a `spender` is allowed to operate with.
         * @param needed Minimum amount required to perform a transfer.
         */
        error ERC20InsufficientAllowance(address spender, uint256 allowance, uint256 needed);
    
        /**
         * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
         * @param approver Address initiating an approval operation.
         */
        error ERC20InvalidApprover(address approver);
    
        /**
         * @dev Indicates a failure with the `spender` to be approved. Used in approvals.
         * @param spender Address that may be allowed to operate on tokens without being their owner.
         */
        error ERC20InvalidSpender(address spender);
    }
    
    /**
     * @dev Standard ERC721 Errors
     * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC721 tokens.
     */
    interface IERC721Errors {
        /**
         * @dev Indicates that an address can't be an owner. For example, `address(0)` is a forbidden owner in EIP-20.
         * Used in balance queries.
         * @param owner Address of the current owner of a token.
         */
        error ERC721InvalidOwner(address owner);
    
        /**
         * @dev Indicates a `tokenId` whose `owner` is the zero address.
         * @param tokenId Identifier number of a token.
         */
        error ERC721NonexistentToken(uint256 tokenId);
    
        /**
         * @dev Indicates an error related to the ownership over a particular token. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         * @param tokenId Identifier number of a token.
         * @param owner Address of the current owner of a token.
         */
        error ERC721IncorrectOwner(address sender, uint256 tokenId, address owner);
    
        /**
         * @dev Indicates a failure with the token `sender`. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         */
        error ERC721InvalidSender(address sender);
    
        /**
         * @dev Indicates a failure with the token `receiver`. Used in transfers.
         * @param receiver Address to which tokens are being transferred.
         */
        error ERC721InvalidReceiver(address receiver);
    
        /**
         * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
         * @param operator Address that may be allowed to operate on tokens without being their owner.
         * @param tokenId Identifier number of a token.
         */
        error ERC721InsufficientApproval(address operator, uint256 tokenId);
    
        /**
         * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
         * @param approver Address initiating an approval operation.
         */
        error ERC721InvalidApprover(address approver);
    
        /**
         * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
         * @param operator Address that may be allowed to operate on tokens without being their owner.
         */
        error ERC721InvalidOperator(address operator);
    }
    
    /**
     * @dev Standard ERC1155 Errors
     * Interface of the https://eips.ethereum.org/EIPS/eip-6093[ERC-6093] custom errors for ERC1155 tokens.
     */
    interface IERC1155Errors {
        /**
         * @dev Indicates an error related to the current `balance` of a `sender`. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         * @param balance Current balance for the interacting account.
         * @param needed Minimum amount required to perform a transfer.
         * @param tokenId Identifier number of a token.
         */
        error ERC1155InsufficientBalance(address sender, uint256 balance, uint256 needed, uint256 tokenId);
    
        /**
         * @dev Indicates a failure with the token `sender`. Used in transfers.
         * @param sender Address whose tokens are being transferred.
         */
        error ERC1155InvalidSender(address sender);
    
        /**
         * @dev Indicates a failure with the token `receiver`. Used in transfers.
         * @param receiver Address to which tokens are being transferred.
         */
        error ERC1155InvalidReceiver(address receiver);
    
        /**
         * @dev Indicates a failure with the `operator`’s approval. Used in transfers.
         * @param operator Address that may be allowed to operate on tokens without being their owner.
         * @param owner Address of the current owner of a token.
         */
        error ERC1155MissingApprovalForAll(address operator, address owner);
    
        /**
         * @dev Indicates a failure with the `approver` of a token to be approved. Used in approvals.
         * @param approver Address initiating an approval operation.
         */
        error ERC1155InvalidApprover(address approver);
    
        /**
         * @dev Indicates a failure with the `operator` to be approved. Used in approvals.
         * @param operator Address that may be allowed to operate on tokens without being their owner.
         */
        error ERC1155InvalidOperator(address operator);
    
        /**
         * @dev Indicates an array length mismatch between ids and values in a safeBatchTransferFrom operation.
         * Used in batch transfers.
         * @param idsLength Length of the array of token identifiers
         * @param valuesLength Length of the array of token amounts
         */
        error ERC1155InvalidArrayLength(uint256 idsLength, uint256 valuesLength);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "../utils/introspection/IERC165.sol";

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4906.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "./IERC165.sol";
    import {IERC721} from "./IERC721.sol";
    
    /// @title EIP-721 Metadata Update Extension
    interface IERC4906 is IERC165, IERC721 {
        /// @dev This event emits when the metadata of a token is changed.
        /// So that the third-party platforms such as NFT market could
        /// timely update the images and related attributes of the NFT.
        event MetadataUpdate(uint256 _tokenId);
    
        /// @dev This event emits when the metadata of a range of tokens is changed.
        /// So that the third-party platforms such as NFT market could
        /// timely update the images and related attributes of the NFTs.
        event BatchMetadataUpdate(uint256 _fromTokenId, uint256 _toTokenId);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC721.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC721} from "../token/ERC721/IERC721.sol";

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/beacon/IBeacon.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev This is the interface that {BeaconProxy} expects of its beacon.
     */
    interface IBeacon {
        /**
         * @dev Must return an address that can be used as a delegate call target.
         *
         * {UpgradeableBeacon} will check that this address is a contract.
         */
        function implementation() external view returns (address);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Proxy.sol)
    
    pragma solidity ^0.8.20;
    
    import {Proxy} from "../Proxy.sol";
    import {ERC1967Utils} from "./ERC1967Utils.sol";
    
    /**
     * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
     * implementation address that can be changed. This address is stored in storage in the location specified by
     * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
     * implementation behind the proxy.
     */
    contract ERC1967Proxy is Proxy {
        /**
         * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
         *
         * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
         * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
         *
         * Requirements:
         *
         * - If `data` is empty, `msg.value` must be zero.
         */
        constructor(address implementation, bytes memory _data) payable {
            ERC1967Utils.upgradeToAndCall(implementation, _data);
        }
    
        /**
         * @dev Returns the current implementation address.
         *
         * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
         * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
         * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
         */
        function _implementation() internal view virtual override returns (address) {
            return ERC1967Utils.getImplementation();
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/ERC1967/ERC1967Utils.sol)
    
    pragma solidity ^0.8.20;
    
    import {IBeacon} from "../beacon/IBeacon.sol";
    import {Address} from "../../utils/Address.sol";
    import {StorageSlot} from "../../utils/StorageSlot.sol";
    
    /**
     * @dev This abstract contract provides getters and event emitting update functions for
     * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
     */
    library ERC1967Utils {
        // We re-declare ERC-1967 events here because they can't be used directly from IERC1967.
        // This will be fixed in Solidity 0.8.21. At that point we should remove these events.
        /**
         * @dev Emitted when the implementation is upgraded.
         */
        event Upgraded(address indexed implementation);
    
        /**
         * @dev Emitted when the admin account has changed.
         */
        event AdminChanged(address previousAdmin, address newAdmin);
    
        /**
         * @dev Emitted when the beacon is changed.
         */
        event BeaconUpgraded(address indexed beacon);
    
        /**
         * @dev Storage slot with the address of the current implementation.
         * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
         */
        // solhint-disable-next-line private-vars-leading-underscore
        bytes32 internal constant IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
    
        /**
         * @dev The `implementation` of the proxy is invalid.
         */
        error ERC1967InvalidImplementation(address implementation);
    
        /**
         * @dev The `admin` of the proxy is invalid.
         */
        error ERC1967InvalidAdmin(address admin);
    
        /**
         * @dev The `beacon` of the proxy is invalid.
         */
        error ERC1967InvalidBeacon(address beacon);
    
        /**
         * @dev An upgrade function sees `msg.value > 0` that may be lost.
         */
        error ERC1967NonPayable();
    
        /**
         * @dev Returns the current implementation address.
         */
        function getImplementation() internal view returns (address) {
            return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
        }
    
        /**
         * @dev Stores a new address in the EIP1967 implementation slot.
         */
        function _setImplementation(address newImplementation) private {
            if (newImplementation.code.length == 0) {
                revert ERC1967InvalidImplementation(newImplementation);
            }
            StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
        }
    
        /**
         * @dev Performs implementation upgrade with additional setup call if data is nonempty.
         * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
         * to avoid stuck value in the contract.
         *
         * Emits an {IERC1967-Upgraded} event.
         */
        function upgradeToAndCall(address newImplementation, bytes memory data) internal {
            _setImplementation(newImplementation);
            emit Upgraded(newImplementation);
    
            if (data.length > 0) {
                Address.functionDelegateCall(newImplementation, data);
            } else {
                _checkNonPayable();
            }
        }
    
        /**
         * @dev Storage slot with the admin of the contract.
         * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
         */
        // solhint-disable-next-line private-vars-leading-underscore
        bytes32 internal constant ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
    
        /**
         * @dev Returns the current admin.
         *
         * TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using
         * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
         * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
         */
        function getAdmin() internal view returns (address) {
            return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
        }
    
        /**
         * @dev Stores a new address in the EIP1967 admin slot.
         */
        function _setAdmin(address newAdmin) private {
            if (newAdmin == address(0)) {
                revert ERC1967InvalidAdmin(address(0));
            }
            StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
        }
    
        /**
         * @dev Changes the admin of the proxy.
         *
         * Emits an {IERC1967-AdminChanged} event.
         */
        function changeAdmin(address newAdmin) internal {
            emit AdminChanged(getAdmin(), newAdmin);
            _setAdmin(newAdmin);
        }
    
        /**
         * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
         * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
         */
        // solhint-disable-next-line private-vars-leading-underscore
        bytes32 internal constant BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
    
        /**
         * @dev Returns the current beacon.
         */
        function getBeacon() internal view returns (address) {
            return StorageSlot.getAddressSlot(BEACON_SLOT).value;
        }
    
        /**
         * @dev Stores a new beacon in the EIP1967 beacon slot.
         */
        function _setBeacon(address newBeacon) private {
            if (newBeacon.code.length == 0) {
                revert ERC1967InvalidBeacon(newBeacon);
            }
    
            StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
    
            address beaconImplementation = IBeacon(newBeacon).implementation();
            if (beaconImplementation.code.length == 0) {
                revert ERC1967InvalidImplementation(beaconImplementation);
            }
        }
    
        /**
         * @dev Change the beacon and trigger a setup call if data is nonempty.
         * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
         * to avoid stuck value in the contract.
         *
         * Emits an {IERC1967-BeaconUpgraded} event.
         *
         * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
         * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
         * efficiency.
         */
        function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
            _setBeacon(newBeacon);
            emit BeaconUpgraded(newBeacon);
    
            if (data.length > 0) {
                Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
            } else {
                _checkNonPayable();
            }
        }
    
        /**
         * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
         * if an upgrade doesn't perform an initialization call.
         */
        function _checkNonPayable() private {
            if (msg.value > 0) {
                revert ERC1967NonPayable();
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
     * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
     * be specified by overriding the virtual {_implementation} function.
     *
     * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
     * different contract through the {_delegate} function.
     *
     * The success and return data of the delegated call will be returned back to the caller of the proxy.
     */
    abstract contract Proxy {
        /**
         * @dev Delegates the current call to `implementation`.
         *
         * This function does not return to its internal call site, it will return directly to the external caller.
         */
        function _delegate(address implementation) internal virtual {
            assembly {
                // Copy msg.data. We take full control of memory in this inline assembly
                // block because it will not return to Solidity code. We overwrite the
                // Solidity scratch pad at memory position 0.
                calldatacopy(0, 0, calldatasize())
    
                // Call the implementation.
                // out and outsize are 0 because we don't know the size yet.
                let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
    
                // Copy the returned data.
                returndatacopy(0, 0, returndatasize())
    
                switch result
                // delegatecall returns 0 on error.
                case 0 {
                    revert(0, returndatasize())
                }
                default {
                    return(0, returndatasize())
                }
            }
        }
    
        /**
         * @dev This is a virtual function that should be overridden so it returns the address to which the fallback
         * function and {_fallback} should delegate.
         */
        function _implementation() internal view virtual returns (address);
    
        /**
         * @dev Delegates the current call to the address returned by `_implementation()`.
         *
         * This function does not return to its internal call site, it will return directly to the external caller.
         */
        function _fallback() internal virtual {
            _delegate(_implementation());
        }
    
        /**
         * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
         * function in the contract matches the call data.
         */
        fallback() external payable virtual {
            _fallback();
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC20} from "./IERC20.sol";
    import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
    import {Context} from "../../utils/Context.sol";
    import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";
    
    /**
     * @dev Implementation of the {IERC20} interface.
     *
     * This implementation is agnostic to the way tokens are created. This means
     * that a supply mechanism has to be added in a derived contract using {_mint}.
     *
     * TIP: For a detailed writeup see our guide
     * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
     * to implement supply mechanisms].
     *
     * The default value of {decimals} is 18. To change this, you should override
     * this function so it returns a different value.
     *
     * We have followed general OpenZeppelin Contracts guidelines: functions revert
     * instead returning `false` on failure. This behavior is nonetheless
     * conventional and does not conflict with the expectations of ERC20
     * applications.
     *
     * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
     * This allows applications to reconstruct the allowance for all accounts just
     * by listening to said events. Other implementations of the EIP may not emit
     * these events, as it isn't required by the specification.
     */
    abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
        mapping(address account => uint256) private _balances;
    
        mapping(address account => mapping(address spender => uint256)) private _allowances;
    
        uint256 private _totalSupply;
    
        string private _name;
        string private _symbol;
    
        /**
         * @dev Sets the values for {name} and {symbol}.
         *
         * All two of these values are immutable: they can only be set once during
         * construction.
         */
        constructor(string memory name_, string memory symbol_) {
            _name = name_;
            _symbol = symbol_;
        }
    
        /**
         * @dev Returns the name of the token.
         */
        function name() public view virtual returns (string memory) {
            return _name;
        }
    
        /**
         * @dev Returns the symbol of the token, usually a shorter version of the
         * name.
         */
        function symbol() public view virtual returns (string memory) {
            return _symbol;
        }
    
        /**
         * @dev Returns the number of decimals used to get its user representation.
         * For example, if `decimals` equals `2`, a balance of `505` tokens should
         * be displayed to a user as `5.05` (`505 / 10 ** 2`).
         *
         * Tokens usually opt for a value of 18, imitating the relationship between
         * Ether and Wei. This is the default value returned by this function, unless
         * it's overridden.
         *
         * NOTE: This information is only used for _display_ purposes: it in
         * no way affects any of the arithmetic of the contract, including
         * {IERC20-balanceOf} and {IERC20-transfer}.
         */
        function decimals() public view virtual returns (uint8) {
            return 18;
        }
    
        /**
         * @dev See {IERC20-totalSupply}.
         */
        function totalSupply() public view virtual returns (uint256) {
            return _totalSupply;
        }
    
        /**
         * @dev See {IERC20-balanceOf}.
         */
        function balanceOf(address account) public view virtual returns (uint256) {
            return _balances[account];
        }
    
        /**
         * @dev See {IERC20-transfer}.
         *
         * Requirements:
         *
         * - `to` cannot be the zero address.
         * - the caller must have a balance of at least `value`.
         */
        function transfer(address to, uint256 value) public virtual returns (bool) {
            address owner = _msgSender();
            _transfer(owner, to, value);
            return true;
        }
    
        /**
         * @dev See {IERC20-allowance}.
         */
        function allowance(address owner, address spender) public view virtual returns (uint256) {
            return _allowances[owner][spender];
        }
    
        /**
         * @dev See {IERC20-approve}.
         *
         * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
         * `transferFrom`. This is semantically equivalent to an infinite approval.
         *
         * Requirements:
         *
         * - `spender` cannot be the zero address.
         */
        function approve(address spender, uint256 value) public virtual returns (bool) {
            address owner = _msgSender();
            _approve(owner, spender, value);
            return true;
        }
    
        /**
         * @dev See {IERC20-transferFrom}.
         *
         * Emits an {Approval} event indicating the updated allowance. This is not
         * required by the EIP. See the note at the beginning of {ERC20}.
         *
         * NOTE: Does not update the allowance if the current allowance
         * is the maximum `uint256`.
         *
         * Requirements:
         *
         * - `from` and `to` cannot be the zero address.
         * - `from` must have a balance of at least `value`.
         * - the caller must have allowance for ``from``'s tokens of at least
         * `value`.
         */
        function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
            address spender = _msgSender();
            _spendAllowance(from, spender, value);
            _transfer(from, to, value);
            return true;
        }
    
        /**
         * @dev Moves a `value` amount of tokens from `from` to `to`.
         *
         * This internal function is equivalent to {transfer}, and can be used to
         * e.g. implement automatic token fees, slashing mechanisms, etc.
         *
         * Emits a {Transfer} event.
         *
         * NOTE: This function is not virtual, {_update} should be overridden instead.
         */
        function _transfer(address from, address to, uint256 value) internal {
            if (from == address(0)) {
                revert ERC20InvalidSender(address(0));
            }
            if (to == address(0)) {
                revert ERC20InvalidReceiver(address(0));
            }
            _update(from, to, value);
        }
    
        /**
         * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
         * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
         * this function.
         *
         * Emits a {Transfer} event.
         */
        function _update(address from, address to, uint256 value) internal virtual {
            if (from == address(0)) {
                // Overflow check required: The rest of the code assumes that totalSupply never overflows
                _totalSupply += value;
            } else {
                uint256 fromBalance = _balances[from];
                if (fromBalance < value) {
                    revert ERC20InsufficientBalance(from, fromBalance, value);
                }
                unchecked {
                    // Overflow not possible: value <= fromBalance <= totalSupply.
                    _balances[from] = fromBalance - value;
                }
            }
    
            if (to == address(0)) {
                unchecked {
                    // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
                    _totalSupply -= value;
                }
            } else {
                unchecked {
                    // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
                    _balances[to] += value;
                }
            }
    
            emit Transfer(from, to, value);
        }
    
        /**
         * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
         * Relies on the `_update` mechanism
         *
         * Emits a {Transfer} event with `from` set to the zero address.
         *
         * NOTE: This function is not virtual, {_update} should be overridden instead.
         */
        function _mint(address account, uint256 value) internal {
            if (account == address(0)) {
                revert ERC20InvalidReceiver(address(0));
            }
            _update(address(0), account, value);
        }
    
        /**
         * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
         * Relies on the `_update` mechanism.
         *
         * Emits a {Transfer} event with `to` set to the zero address.
         *
         * NOTE: This function is not virtual, {_update} should be overridden instead
         */
        function _burn(address account, uint256 value) internal {
            if (account == address(0)) {
                revert ERC20InvalidSender(address(0));
            }
            _update(account, address(0), value);
        }
    
        /**
         * @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
         *
         * This internal function is equivalent to `approve`, and can be used to
         * e.g. set automatic allowances for certain subsystems, etc.
         *
         * Emits an {Approval} event.
         *
         * Requirements:
         *
         * - `owner` cannot be the zero address.
         * - `spender` cannot be the zero address.
         *
         * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
         */
        function _approve(address owner, address spender, uint256 value) internal {
            _approve(owner, spender, value, true);
        }
    
        /**
         * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
         *
         * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
         * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
         * `Approval` event during `transferFrom` operations.
         *
         * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
         * true using the following override:
         * ```
         * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
         *     super._approve(owner, spender, value, true);
         * }
         * ```
         *
         * Requirements are the same as {_approve}.
         */
        function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
            if (owner == address(0)) {
                revert ERC20InvalidApprover(address(0));
            }
            if (spender == address(0)) {
                revert ERC20InvalidSpender(address(0));
            }
            _allowances[owner][spender] = value;
            if (emitEvent) {
                emit Approval(owner, spender, value);
            }
        }
    
        /**
         * @dev Updates `owner` s allowance for `spender` based on spent `value`.
         *
         * Does not update the allowance value in case of infinite allowance.
         * Revert if not enough allowance is available.
         *
         * Does not emit an {Approval} event.
         */
        function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
            uint256 currentAllowance = allowance(owner, spender);
            if (currentAllowance != type(uint256).max) {
                if (currentAllowance < value) {
                    revert ERC20InsufficientAllowance(spender, currentAllowance, value);
                }
                unchecked {
                    _approve(owner, spender, currentAllowance - value, false);
                }
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC20} from "../IERC20.sol";
    
    /**
     * @dev Interface for the optional metadata functions from the ERC20 standard.
     */
    interface IERC20Metadata is IERC20 {
        /**
         * @dev Returns the name of the token.
         */
        function name() external view returns (string memory);
    
        /**
         * @dev Returns the symbol of the token.
         */
        function symbol() external view returns (string memory);
    
        /**
         * @dev Returns the decimals places of the token.
         */
        function decimals() external view returns (uint8);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
     * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
     *
     * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
     * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
     * need to send a transaction, and thus is not required to hold Ether at all.
     *
     * ==== Security Considerations
     *
     * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
     * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
     * considered as an intention to spend the allowance in any specific way. The second is that because permits have
     * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
     * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
     * generally recommended is:
     *
     * ```solidity
     * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
     *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
     *     doThing(..., value);
     * }
     *
     * function doThing(..., uint256 value) public {
     *     token.safeTransferFrom(msg.sender, address(this), value);
     *     ...
     * }
     * ```
     *
     * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
     * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
     * {SafeERC20-safeTransferFrom}).
     *
     * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
     * contracts should have entry points that don't rely on permit.
     */
    interface IERC20Permit {
        /**
         * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
         * given ``owner``'s signed approval.
         *
         * IMPORTANT: The same issues {IERC20-approve} has related to transaction
         * ordering also apply here.
         *
         * Emits an {Approval} event.
         *
         * Requirements:
         *
         * - `spender` cannot be the zero address.
         * - `deadline` must be a timestamp in the future.
         * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
         * over the EIP712-formatted function arguments.
         * - the signature must use ``owner``'s current nonce (see {nonces}).
         *
         * For more information on the signature format, see the
         * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
         * section].
         *
         * CAUTION: See Security Considerations above.
         */
        function permit(
            address owner,
            address spender,
            uint256 value,
            uint256 deadline,
            uint8 v,
            bytes32 r,
            bytes32 s
        ) external;
    
        /**
         * @dev Returns the current nonce for `owner`. This value must be
         * included whenever a signature is generated for {permit}.
         *
         * Every successful call to {permit} increases ``owner``'s nonce by one. This
         * prevents a signature from being used multiple times.
         */
        function nonces(address owner) external view returns (uint256);
    
        /**
         * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
         */
        // solhint-disable-next-line func-name-mixedcase
        function DOMAIN_SEPARATOR() external view returns (bytes32);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC20 standard as defined in the EIP.
     */
    interface IERC20 {
        /**
         * @dev Emitted when `value` tokens are moved from one account (`from`) to
         * another (`to`).
         *
         * Note that `value` may be zero.
         */
        event Transfer(address indexed from, address indexed to, uint256 value);
    
        /**
         * @dev Emitted when the allowance of a `spender` for an `owner` is set by
         * a call to {approve}. `value` is the new allowance.
         */
        event Approval(address indexed owner, address indexed spender, uint256 value);
    
        /**
         * @dev Returns the value of tokens in existence.
         */
        function totalSupply() external view returns (uint256);
    
        /**
         * @dev Returns the value of tokens owned by `account`.
         */
        function balanceOf(address account) external view returns (uint256);
    
        /**
         * @dev Moves a `value` amount of tokens from the caller's account to `to`.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transfer(address to, uint256 value) external returns (bool);
    
        /**
         * @dev Returns the remaining number of tokens that `spender` will be
         * allowed to spend on behalf of `owner` through {transferFrom}. This is
         * zero by default.
         *
         * This value changes when {approve} or {transferFrom} are called.
         */
        function allowance(address owner, address spender) external view returns (uint256);
    
        /**
         * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
         * caller's tokens.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * IMPORTANT: Beware that changing an allowance with this method brings the risk
         * that someone may use both the old and the new allowance by unfortunate
         * transaction ordering. One possible solution to mitigate this race
         * condition is to first reduce the spender's allowance to 0 and set the
         * desired value afterwards:
         * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
         *
         * Emits an {Approval} event.
         */
        function approve(address spender, uint256 value) external returns (bool);
    
        /**
         * @dev Moves a `value` amount of tokens from `from` to `to` using the
         * allowance mechanism. `value` is then deducted from the caller's
         * allowance.
         *
         * Returns a boolean value indicating whether the operation succeeded.
         *
         * Emits a {Transfer} event.
         */
        function transferFrom(address from, address to, uint256 value) external returns (bool);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC20} from "../IERC20.sol";
    import {IERC20Permit} from "../extensions/IERC20Permit.sol";
    import {Address} from "../../../utils/Address.sol";
    
    /**
     * @title SafeERC20
     * @dev Wrappers around ERC20 operations that throw on failure (when the token
     * contract returns false). Tokens that return no value (and instead revert or
     * throw on failure) are also supported, non-reverting calls are assumed to be
     * successful.
     * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
     * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
     */
    library SafeERC20 {
        using Address for address;
    
        /**
         * @dev An operation with an ERC20 token failed.
         */
        error SafeERC20FailedOperation(address token);
    
        /**
         * @dev Indicates a failed `decreaseAllowance` request.
         */
        error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
    
        /**
         * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
         * non-reverting calls are assumed to be successful.
         */
        function safeTransfer(IERC20 token, address to, uint256 value) internal {
            _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
        }
    
        /**
         * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
         * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
         */
        function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
            _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
        }
    
        /**
         * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
         * non-reverting calls are assumed to be successful.
         */
        function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
            uint256 oldAllowance = token.allowance(address(this), spender);
            forceApprove(token, spender, oldAllowance + value);
        }
    
        /**
         * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
         * value, non-reverting calls are assumed to be successful.
         */
        function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
            unchecked {
                uint256 currentAllowance = token.allowance(address(this), spender);
                if (currentAllowance < requestedDecrease) {
                    revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
                }
                forceApprove(token, spender, currentAllowance - requestedDecrease);
            }
        }
    
        /**
         * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
         * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
         * to be set to zero before setting it to a non-zero value, such as USDT.
         */
        function forceApprove(IERC20 token, address spender, uint256 value) internal {
            bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
    
            if (!_callOptionalReturnBool(token, approvalCall)) {
                _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
                _callOptionalReturn(token, approvalCall);
            }
        }
    
        /**
         * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
         * on the return value: the return value is optional (but if data is returned, it must not be false).
         * @param token The token targeted by the call.
         * @param data The call data (encoded using abi.encode or one of its variants).
         */
        function _callOptionalReturn(IERC20 token, bytes memory data) private {
            // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
            // we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
            // the target address contains contract code and also asserts for success in the low-level call.
    
            bytes memory returndata = address(token).functionCall(data);
            if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
                revert SafeERC20FailedOperation(address(token));
            }
        }
    
        /**
         * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
         * on the return value: the return value is optional (but if data is returned, it must not be false).
         * @param token The token targeted by the call.
         * @param data The call data (encoded using abi.encode or one of its variants).
         *
         * This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
         */
        function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
            // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
            // we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
            // and not revert is the subcall reverts.
    
            (bool success, bytes memory returndata) = address(token).call(data);
            return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/ERC721.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC721} from "./IERC721.sol";
    import {IERC721Receiver} from "./IERC721Receiver.sol";
    import {IERC721Metadata} from "./extensions/IERC721Metadata.sol";
    import {Context} from "../../utils/Context.sol";
    import {Strings} from "../../utils/Strings.sol";
    import {IERC165, ERC165} from "../../utils/introspection/ERC165.sol";
    import {IERC721Errors} from "../../interfaces/draft-IERC6093.sol";
    
    /**
     * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
     * the Metadata extension, but not including the Enumerable extension, which is available separately as
     * {ERC721Enumerable}.
     */
    abstract contract ERC721 is Context, ERC165, IERC721, IERC721Metadata, IERC721Errors {
        using Strings for uint256;
    
        // Token name
        string private _name;
    
        // Token symbol
        string private _symbol;
    
        mapping(uint256 tokenId => address) private _owners;
    
        mapping(address owner => uint256) private _balances;
    
        mapping(uint256 tokenId => address) private _tokenApprovals;
    
        mapping(address owner => mapping(address operator => bool)) private _operatorApprovals;
    
        /**
         * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
         */
        constructor(string memory name_, string memory symbol_) {
            _name = name_;
            _symbol = symbol_;
        }
    
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
            return
                interfaceId == type(IERC721).interfaceId ||
                interfaceId == type(IERC721Metadata).interfaceId ||
                super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721-balanceOf}.
         */
        function balanceOf(address owner) public view virtual returns (uint256) {
            if (owner == address(0)) {
                revert ERC721InvalidOwner(address(0));
            }
            return _balances[owner];
        }
    
        /**
         * @dev See {IERC721-ownerOf}.
         */
        function ownerOf(uint256 tokenId) public view virtual returns (address) {
            return _requireOwned(tokenId);
        }
    
        /**
         * @dev See {IERC721Metadata-name}.
         */
        function name() public view virtual returns (string memory) {
            return _name;
        }
    
        /**
         * @dev See {IERC721Metadata-symbol}.
         */
        function symbol() public view virtual returns (string memory) {
            return _symbol;
        }
    
        /**
         * @dev See {IERC721Metadata-tokenURI}.
         */
        function tokenURI(uint256 tokenId) public view virtual returns (string memory) {
            _requireOwned(tokenId);
    
            string memory baseURI = _baseURI();
            return bytes(baseURI).length > 0 ? string.concat(baseURI, tokenId.toString()) : "";
        }
    
        /**
         * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
         * token will be the concatenation of the `baseURI` and the `tokenId`. Empty
         * by default, can be overridden in child contracts.
         */
        function _baseURI() internal view virtual returns (string memory) {
            return "";
        }
    
        /**
         * @dev See {IERC721-approve}.
         */
        function approve(address to, uint256 tokenId) public virtual {
            _approve(to, tokenId, _msgSender());
        }
    
        /**
         * @dev See {IERC721-getApproved}.
         */
        function getApproved(uint256 tokenId) public view virtual returns (address) {
            _requireOwned(tokenId);
    
            return _getApproved(tokenId);
        }
    
        /**
         * @dev See {IERC721-setApprovalForAll}.
         */
        function setApprovalForAll(address operator, bool approved) public virtual {
            _setApprovalForAll(_msgSender(), operator, approved);
        }
    
        /**
         * @dev See {IERC721-isApprovedForAll}.
         */
        function isApprovedForAll(address owner, address operator) public view virtual returns (bool) {
            return _operatorApprovals[owner][operator];
        }
    
        /**
         * @dev See {IERC721-transferFrom}.
         */
        function transferFrom(address from, address to, uint256 tokenId) public virtual {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists
            // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here.
            address previousOwner = _update(to, tokenId, _msgSender());
            if (previousOwner != from) {
                revert ERC721IncorrectOwner(from, tokenId, previousOwner);
            }
        }
    
        /**
         * @dev See {IERC721-safeTransferFrom}.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId) public {
            safeTransferFrom(from, to, tokenId, "");
        }
    
        /**
         * @dev See {IERC721-safeTransferFrom}.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual {
            transferFrom(from, to, tokenId);
            _checkOnERC721Received(from, to, tokenId, data);
        }
    
        /**
         * @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist
         *
         * IMPORTANT: Any overrides to this function that add ownership of tokens not tracked by the
         * core ERC721 logic MUST be matched with the use of {_increaseBalance} to keep balances
         * consistent with ownership. The invariant to preserve is that for any address `a` the value returned by
         * `balanceOf(a)` must be equal to the number of tokens such that `_ownerOf(tokenId)` is `a`.
         */
        function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
            return _owners[tokenId];
        }
    
        /**
         * @dev Returns the approved address for `tokenId`. Returns 0 if `tokenId` is not minted.
         */
        function _getApproved(uint256 tokenId) internal view virtual returns (address) {
            return _tokenApprovals[tokenId];
        }
    
        /**
         * @dev Returns whether `spender` is allowed to manage `owner`'s tokens, or `tokenId` in
         * particular (ignoring whether it is owned by `owner`).
         *
         * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
         * assumption.
         */
        function _isAuthorized(address owner, address spender, uint256 tokenId) internal view virtual returns (bool) {
            return
                spender != address(0) &&
                (owner == spender || isApprovedForAll(owner, spender) || _getApproved(tokenId) == spender);
        }
    
        /**
         * @dev Checks if `spender` can operate on `tokenId`, assuming the provided `owner` is the actual owner.
         * Reverts if `spender` does not have approval from the provided `owner` for the given token or for all its assets
         * the `spender` for the specific `tokenId`.
         *
         * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
         * assumption.
         */
        function _checkAuthorized(address owner, address spender, uint256 tokenId) internal view virtual {
            if (!_isAuthorized(owner, spender, tokenId)) {
                if (owner == address(0)) {
                    revert ERC721NonexistentToken(tokenId);
                } else {
                    revert ERC721InsufficientApproval(spender, tokenId);
                }
            }
        }
    
        /**
         * @dev Unsafe write access to the balances, used by extensions that "mint" tokens using an {ownerOf} override.
         *
         * NOTE: the value is limited to type(uint128).max. This protect against _balance overflow. It is unrealistic that
         * a uint256 would ever overflow from increments when these increments are bounded to uint128 values.
         *
         * WARNING: Increasing an account's balance using this function tends to be paired with an override of the
         * {_ownerOf} function to resolve the ownership of the corresponding tokens so that balances and ownership
         * remain consistent with one another.
         */
        function _increaseBalance(address account, uint128 value) internal virtual {
            unchecked {
                _balances[account] += value;
            }
        }
    
        /**
         * @dev Transfers `tokenId` from its current owner to `to`, or alternatively mints (or burns) if the current owner
         * (or `to`) is the zero address. Returns the owner of the `tokenId` before the update.
         *
         * The `auth` argument is optional. If the value passed is non 0, then this function will check that
         * `auth` is either the owner of the token, or approved to operate on the token (by the owner).
         *
         * Emits a {Transfer} event.
         *
         * NOTE: If overriding this function in a way that tracks balances, see also {_increaseBalance}.
         */
        function _update(address to, uint256 tokenId, address auth) internal virtual returns (address) {
            address from = _ownerOf(tokenId);
    
            // Perform (optional) operator check
            if (auth != address(0)) {
                _checkAuthorized(from, auth, tokenId);
            }
    
            // Execute the update
            if (from != address(0)) {
                // Clear approval. No need to re-authorize or emit the Approval event
                _approve(address(0), tokenId, address(0), false);
    
                unchecked {
                    _balances[from] -= 1;
                }
            }
    
            if (to != address(0)) {
                unchecked {
                    _balances[to] += 1;
                }
            }
    
            _owners[tokenId] = to;
    
            emit Transfer(from, to, tokenId);
    
            return from;
        }
    
        /**
         * @dev Mints `tokenId` and transfers it to `to`.
         *
         * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible
         *
         * Requirements:
         *
         * - `tokenId` must not exist.
         * - `to` cannot be the zero address.
         *
         * Emits a {Transfer} event.
         */
        function _mint(address to, uint256 tokenId) internal {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            address previousOwner = _update(to, tokenId, address(0));
            if (previousOwner != address(0)) {
                revert ERC721InvalidSender(address(0));
            }
        }
    
        /**
         * @dev Mints `tokenId`, transfers it to `to` and checks for `to` acceptance.
         *
         * Requirements:
         *
         * - `tokenId` must not exist.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function _safeMint(address to, uint256 tokenId) internal {
            _safeMint(to, tokenId, "");
        }
    
        /**
         * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
         * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
         */
        function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
            _mint(to, tokenId);
            _checkOnERC721Received(address(0), to, tokenId, data);
        }
    
        /**
         * @dev Destroys `tokenId`.
         * The approval is cleared when the token is burned.
         * This is an internal function that does not check if the sender is authorized to operate on the token.
         *
         * Requirements:
         *
         * - `tokenId` must exist.
         *
         * Emits a {Transfer} event.
         */
        function _burn(uint256 tokenId) internal {
            address previousOwner = _update(address(0), tokenId, address(0));
            if (previousOwner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            }
        }
    
        /**
         * @dev Transfers `tokenId` from `from` to `to`.
         *  As opposed to {transferFrom}, this imposes no restrictions on msg.sender.
         *
         * Requirements:
         *
         * - `to` cannot be the zero address.
         * - `tokenId` token must be owned by `from`.
         *
         * Emits a {Transfer} event.
         */
        function _transfer(address from, address to, uint256 tokenId) internal {
            if (to == address(0)) {
                revert ERC721InvalidReceiver(address(0));
            }
            address previousOwner = _update(to, tokenId, address(0));
            if (previousOwner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            } else if (previousOwner != from) {
                revert ERC721IncorrectOwner(from, tokenId, previousOwner);
            }
        }
    
        /**
         * @dev Safely transfers `tokenId` token from `from` to `to`, checking that contract recipients
         * are aware of the ERC721 standard to prevent tokens from being forever locked.
         *
         * `data` is additional data, it has no specified format and it is sent in call to `to`.
         *
         * This internal function is like {safeTransferFrom} in the sense that it invokes
         * {IERC721Receiver-onERC721Received} on the receiver, and can be used to e.g.
         * implement alternative mechanisms to perform token transfer, such as signature-based.
         *
         * Requirements:
         *
         * - `tokenId` token must exist and be owned by `from`.
         * - `to` cannot be the zero address.
         * - `from` cannot be the zero address.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function _safeTransfer(address from, address to, uint256 tokenId) internal {
            _safeTransfer(from, to, tokenId, "");
        }
    
        /**
         * @dev Same as {xref-ERC721-_safeTransfer-address-address-uint256-}[`_safeTransfer`], with an additional `data` parameter which is
         * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
         */
        function _safeTransfer(address from, address to, uint256 tokenId, bytes memory data) internal virtual {
            _transfer(from, to, tokenId);
            _checkOnERC721Received(from, to, tokenId, data);
        }
    
        /**
         * @dev Approve `to` to operate on `tokenId`
         *
         * The `auth` argument is optional. If the value passed is non 0, then this function will check that `auth` is
         * either the owner of the token, or approved to operate on all tokens held by this owner.
         *
         * Emits an {Approval} event.
         *
         * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
         */
        function _approve(address to, uint256 tokenId, address auth) internal {
            _approve(to, tokenId, auth, true);
        }
    
        /**
         * @dev Variant of `_approve` with an optional flag to enable or disable the {Approval} event. The event is not
         * emitted in the context of transfers.
         */
        function _approve(address to, uint256 tokenId, address auth, bool emitEvent) internal virtual {
            // Avoid reading the owner unless necessary
            if (emitEvent || auth != address(0)) {
                address owner = _requireOwned(tokenId);
    
                // We do not use _isAuthorized because single-token approvals should not be able to call approve
                if (auth != address(0) && owner != auth && !isApprovedForAll(owner, auth)) {
                    revert ERC721InvalidApprover(auth);
                }
    
                if (emitEvent) {
                    emit Approval(owner, to, tokenId);
                }
            }
    
            _tokenApprovals[tokenId] = to;
        }
    
        /**
         * @dev Approve `operator` to operate on all of `owner` tokens
         *
         * Requirements:
         * - operator can't be the address zero.
         *
         * Emits an {ApprovalForAll} event.
         */
        function _setApprovalForAll(address owner, address operator, bool approved) internal virtual {
            if (operator == address(0)) {
                revert ERC721InvalidOperator(operator);
            }
            _operatorApprovals[owner][operator] = approved;
            emit ApprovalForAll(owner, operator, approved);
        }
    
        /**
         * @dev Reverts if the `tokenId` doesn't have a current owner (it hasn't been minted, or it has been burned).
         * Returns the owner.
         *
         * Overrides to ownership logic should be done to {_ownerOf}.
         */
        function _requireOwned(uint256 tokenId) internal view returns (address) {
            address owner = _ownerOf(tokenId);
            if (owner == address(0)) {
                revert ERC721NonexistentToken(tokenId);
            }
            return owner;
        }
    
        /**
         * @dev Private function to invoke {IERC721Receiver-onERC721Received} on a target address. This will revert if the
         * recipient doesn't accept the token transfer. The call is not executed if the target address is not a contract.
         *
         * @param from address representing the previous owner of the given token ID
         * @param to target address that will receive the tokens
         * @param tokenId uint256 ID of the token to be transferred
         * @param data bytes optional data to send along with the call
         */
        function _checkOnERC721Received(address from, address to, uint256 tokenId, bytes memory data) private {
            if (to.code.length > 0) {
                try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) {
                    if (retval != IERC721Receiver.onERC721Received.selector) {
                        revert ERC721InvalidReceiver(to);
                    }
                } catch (bytes memory reason) {
                    if (reason.length == 0) {
                        revert ERC721InvalidReceiver(to);
                    } else {
                        /// @solidity memory-safe-assembly
                        assembly {
                            revert(add(32, reason), mload(reason))
                        }
                    }
                }
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721Enumerable.sol)
    
    pragma solidity ^0.8.20;
    
    import {ERC721} from "../ERC721.sol";
    import {IERC721Enumerable} from "./IERC721Enumerable.sol";
    import {IERC165} from "../../../utils/introspection/ERC165.sol";
    
    /**
     * @dev This implements an optional extension of {ERC721} defined in the EIP that adds enumerability
     * of all the token ids in the contract as well as all token ids owned by each account.
     *
     * CAUTION: `ERC721` extensions that implement custom `balanceOf` logic, such as `ERC721Consecutive`,
     * interfere with enumerability and should not be used together with `ERC721Enumerable`.
     */
    abstract contract ERC721Enumerable is ERC721, IERC721Enumerable {
        mapping(address owner => mapping(uint256 index => uint256)) private _ownedTokens;
        mapping(uint256 tokenId => uint256) private _ownedTokensIndex;
    
        uint256[] private _allTokens;
        mapping(uint256 tokenId => uint256) private _allTokensIndex;
    
        /**
         * @dev An `owner`'s token query was out of bounds for `index`.
         *
         * NOTE: The owner being `address(0)` indicates a global out of bounds index.
         */
        error ERC721OutOfBoundsIndex(address owner, uint256 index);
    
        /**
         * @dev Batch mint is not allowed.
         */
        error ERC721EnumerableForbiddenBatchMint();
    
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165, ERC721) returns (bool) {
            return interfaceId == type(IERC721Enumerable).interfaceId || super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721Enumerable-tokenOfOwnerByIndex}.
         */
        function tokenOfOwnerByIndex(address owner, uint256 index) public view virtual returns (uint256) {
            if (index >= balanceOf(owner)) {
                revert ERC721OutOfBoundsIndex(owner, index);
            }
            return _ownedTokens[owner][index];
        }
    
        /**
         * @dev See {IERC721Enumerable-totalSupply}.
         */
        function totalSupply() public view virtual returns (uint256) {
            return _allTokens.length;
        }
    
        /**
         * @dev See {IERC721Enumerable-tokenByIndex}.
         */
        function tokenByIndex(uint256 index) public view virtual returns (uint256) {
            if (index >= totalSupply()) {
                revert ERC721OutOfBoundsIndex(address(0), index);
            }
            return _allTokens[index];
        }
    
        /**
         * @dev See {ERC721-_update}.
         */
        function _update(address to, uint256 tokenId, address auth) internal virtual override returns (address) {
            address previousOwner = super._update(to, tokenId, auth);
    
            if (previousOwner == address(0)) {
                _addTokenToAllTokensEnumeration(tokenId);
            } else if (previousOwner != to) {
                _removeTokenFromOwnerEnumeration(previousOwner, tokenId);
            }
            if (to == address(0)) {
                _removeTokenFromAllTokensEnumeration(tokenId);
            } else if (previousOwner != to) {
                _addTokenToOwnerEnumeration(to, tokenId);
            }
    
            return previousOwner;
        }
    
        /**
         * @dev Private function to add a token to this extension's ownership-tracking data structures.
         * @param to address representing the new owner of the given token ID
         * @param tokenId uint256 ID of the token to be added to the tokens list of the given address
         */
        function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private {
            uint256 length = balanceOf(to) - 1;
            _ownedTokens[to][length] = tokenId;
            _ownedTokensIndex[tokenId] = length;
        }
    
        /**
         * @dev Private function to add a token to this extension's token tracking data structures.
         * @param tokenId uint256 ID of the token to be added to the tokens list
         */
        function _addTokenToAllTokensEnumeration(uint256 tokenId) private {
            _allTokensIndex[tokenId] = _allTokens.length;
            _allTokens.push(tokenId);
        }
    
        /**
         * @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that
         * while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for
         * gas optimizations e.g. when performing a transfer operation (avoiding double writes).
         * This has O(1) time complexity, but alters the order of the _ownedTokens array.
         * @param from address representing the previous owner of the given token ID
         * @param tokenId uint256 ID of the token to be removed from the tokens list of the given address
         */
        function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private {
            // To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and
            // then delete the last slot (swap and pop).
    
            uint256 lastTokenIndex = balanceOf(from);
            uint256 tokenIndex = _ownedTokensIndex[tokenId];
    
            // When the token to delete is the last token, the swap operation is unnecessary
            if (tokenIndex != lastTokenIndex) {
                uint256 lastTokenId = _ownedTokens[from][lastTokenIndex];
    
                _ownedTokens[from][tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
                _ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
            }
    
            // This also deletes the contents at the last position of the array
            delete _ownedTokensIndex[tokenId];
            delete _ownedTokens[from][lastTokenIndex];
        }
    
        /**
         * @dev Private function to remove a token from this extension's token tracking data structures.
         * This has O(1) time complexity, but alters the order of the _allTokens array.
         * @param tokenId uint256 ID of the token to be removed from the tokens list
         */
        function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private {
            // To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and
            // then delete the last slot (swap and pop).
    
            uint256 lastTokenIndex = _allTokens.length - 1;
            uint256 tokenIndex = _allTokensIndex[tokenId];
    
            // When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so
            // rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding
            // an 'if' statement (like in _removeTokenFromOwnerEnumeration)
            uint256 lastTokenId = _allTokens[lastTokenIndex];
    
            _allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
            _allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
    
            // This also deletes the contents at the last position of the array
            delete _allTokensIndex[tokenId];
            _allTokens.pop();
        }
    
        /**
         * See {ERC721-_increaseBalance}. We need that to account tokens that were minted in batch
         */
        function _increaseBalance(address account, uint128 amount) internal virtual override {
            if (amount > 0) {
                revert ERC721EnumerableForbiddenBatchMint();
            }
            super._increaseBalance(account, amount);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/ERC721URIStorage.sol)
    
    pragma solidity ^0.8.20;
    
    import {ERC721} from "../ERC721.sol";
    import {Strings} from "../../../utils/Strings.sol";
    import {IERC4906} from "../../../interfaces/IERC4906.sol";
    import {IERC165} from "../../../interfaces/IERC165.sol";
    
    /**
     * @dev ERC721 token with storage based token URI management.
     */
    abstract contract ERC721URIStorage is IERC4906, ERC721 {
        using Strings for uint256;
    
        // Interface ID as defined in ERC-4906. This does not correspond to a traditional interface ID as ERC-4906 only
        // defines events and does not include any external function.
        bytes4 private constant ERC4906_INTERFACE_ID = bytes4(0x49064906);
    
        // Optional mapping for token URIs
        mapping(uint256 tokenId => string) private _tokenURIs;
    
        /**
         * @dev See {IERC165-supportsInterface}
         */
        function supportsInterface(bytes4 interfaceId) public view virtual override(ERC721, IERC165) returns (bool) {
            return interfaceId == ERC4906_INTERFACE_ID || super.supportsInterface(interfaceId);
        }
    
        /**
         * @dev See {IERC721Metadata-tokenURI}.
         */
        function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
            _requireOwned(tokenId);
    
            string memory _tokenURI = _tokenURIs[tokenId];
            string memory base = _baseURI();
    
            // If there is no base URI, return the token URI.
            if (bytes(base).length == 0) {
                return _tokenURI;
            }
            // If both are set, concatenate the baseURI and tokenURI (via string.concat).
            if (bytes(_tokenURI).length > 0) {
                return string.concat(base, _tokenURI);
            }
    
            return super.tokenURI(tokenId);
        }
    
        /**
         * @dev Sets `_tokenURI` as the tokenURI of `tokenId`.
         *
         * Emits {MetadataUpdate}.
         */
        function _setTokenURI(uint256 tokenId, string memory _tokenURI) internal virtual {
            _tokenURIs[tokenId] = _tokenURI;
            emit MetadataUpdate(tokenId);
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/IERC721Enumerable.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC721} from "../IERC721.sol";
    
    /**
     * @title ERC-721 Non-Fungible Token Standard, optional enumeration extension
     * @dev See https://eips.ethereum.org/EIPS/eip-721
     */
    interface IERC721Enumerable is IERC721 {
        /**
         * @dev Returns the total amount of tokens stored by the contract.
         */
        function totalSupply() external view returns (uint256);
    
        /**
         * @dev Returns a token ID owned by `owner` at a given `index` of its token list.
         * Use along with {balanceOf} to enumerate all of ``owner``'s tokens.
         */
        function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256);
    
        /**
         * @dev Returns a token ID at a given `index` of all the tokens stored by the contract.
         * Use along with {totalSupply} to enumerate all tokens.
         */
        function tokenByIndex(uint256 index) external view returns (uint256);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/IERC721Metadata.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC721} from "../IERC721.sol";
    
    /**
     * @title ERC-721 Non-Fungible Token Standard, optional metadata extension
     * @dev See https://eips.ethereum.org/EIPS/eip-721
     */
    interface IERC721Metadata is IERC721 {
        /**
         * @dev Returns the token collection name.
         */
        function name() external view returns (string memory);
    
        /**
         * @dev Returns the token collection symbol.
         */
        function symbol() external view returns (string memory);
    
        /**
         * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
         */
        function tokenURI(uint256 tokenId) external view returns (string memory);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "../../utils/introspection/IERC165.sol";
    
    /**
     * @dev Required interface of an ERC721 compliant contract.
     */
    interface IERC721 is IERC165 {
        /**
         * @dev Emitted when `tokenId` token is transferred from `from` to `to`.
         */
        event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);
    
        /**
         * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
         */
        event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);
    
        /**
         * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
         */
        event ApprovalForAll(address indexed owner, address indexed operator, bool approved);
    
        /**
         * @dev Returns the number of tokens in ``owner``'s account.
         */
        function balanceOf(address owner) external view returns (uint256 balance);
    
        /**
         * @dev Returns the owner of the `tokenId` token.
         *
         * Requirements:
         *
         * - `tokenId` must exist.
         */
        function ownerOf(uint256 tokenId) external view returns (address owner);
    
        /**
         * @dev Safely transfers `tokenId` token from `from` to `to`.
         *
         * Requirements:
         *
         * - `from` cannot be the zero address.
         * - `to` cannot be the zero address.
         * - `tokenId` token must exist and be owned by `from`.
         * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
         *   a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;
    
        /**
         * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
         * are aware of the ERC721 protocol to prevent tokens from being forever locked.
         *
         * Requirements:
         *
         * - `from` cannot be the zero address.
         * - `to` cannot be the zero address.
         * - `tokenId` token must exist and be owned by `from`.
         * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or
         *   {setApprovalForAll}.
         * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
         *   a safe transfer.
         *
         * Emits a {Transfer} event.
         */
        function safeTransferFrom(address from, address to, uint256 tokenId) external;
    
        /**
         * @dev Transfers `tokenId` token from `from` to `to`.
         *
         * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
         * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
         * understand this adds an external call which potentially creates a reentrancy vulnerability.
         *
         * Requirements:
         *
         * - `from` cannot be the zero address.
         * - `to` cannot be the zero address.
         * - `tokenId` token must be owned by `from`.
         * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
         *
         * Emits a {Transfer} event.
         */
        function transferFrom(address from, address to, uint256 tokenId) external;
    
        /**
         * @dev Gives permission to `to` to transfer `tokenId` token to another account.
         * The approval is cleared when the token is transferred.
         *
         * Only a single account can be approved at a time, so approving the zero address clears previous approvals.
         *
         * Requirements:
         *
         * - The caller must own the token or be an approved operator.
         * - `tokenId` must exist.
         *
         * Emits an {Approval} event.
         */
        function approve(address to, uint256 tokenId) external;
    
        /**
         * @dev Approve or remove `operator` as an operator for the caller.
         * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
         *
         * Requirements:
         *
         * - The `operator` cannot be the address zero.
         *
         * Emits an {ApprovalForAll} event.
         */
        function setApprovalForAll(address operator, bool approved) external;
    
        /**
         * @dev Returns the account approved for `tokenId` token.
         *
         * Requirements:
         *
         * - `tokenId` must exist.
         */
        function getApproved(uint256 tokenId) external view returns (address operator);
    
        /**
         * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
         *
         * See {setApprovalForAll}
         */
        function isApprovedForAll(address owner, address operator) external view returns (bool);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721Receiver.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @title ERC721 token receiver interface
     * @dev Interface for any contract that wants to support safeTransfers
     * from ERC721 asset contracts.
     */
    interface IERC721Receiver {
        /**
         * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
         * by `operator` from `from`, this function is called.
         *
         * It must return its Solidity selector to confirm the token transfer.
         * If any other value is returned or the interface is not implemented by the recipient, the transfer will be
         * reverted.
         *
         * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
         */
        function onERC721Received(
            address operator,
            address from,
            uint256 tokenId,
            bytes calldata data
        ) external returns (bytes4);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Collection of functions related to the address type
     */
    library Address {
        /**
         * @dev The ETH balance of the account is not enough to perform the operation.
         */
        error AddressInsufficientBalance(address account);
    
        /**
         * @dev There's no code at `target` (it is not a contract).
         */
        error AddressEmptyCode(address target);
    
        /**
         * @dev A call to an address target failed. The target may have reverted.
         */
        error FailedInnerCall();
    
        /**
         * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
         * `recipient`, forwarding all available gas and reverting on errors.
         *
         * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
         * of certain opcodes, possibly making contracts go over the 2300 gas limit
         * imposed by `transfer`, making them unable to receive funds via
         * `transfer`. {sendValue} removes this limitation.
         *
         * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
         *
         * IMPORTANT: because control is transferred to `recipient`, care must be
         * taken to not create reentrancy vulnerabilities. Consider using
         * {ReentrancyGuard} or the
         * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
         */
        function sendValue(address payable recipient, uint256 amount) internal {
            if (address(this).balance < amount) {
                revert AddressInsufficientBalance(address(this));
            }
    
            (bool success, ) = recipient.call{value: amount}("");
            if (!success) {
                revert FailedInnerCall();
            }
        }
    
        /**
         * @dev Performs a Solidity function call using a low level `call`. A
         * plain `call` is an unsafe replacement for a function call: use this
         * function instead.
         *
         * If `target` reverts with a revert reason or custom error, it is bubbled
         * up by this function (like regular Solidity function calls). However, if
         * the call reverted with no returned reason, this function reverts with a
         * {FailedInnerCall} error.
         *
         * Returns the raw returned data. To convert to the expected return value,
         * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
         *
         * Requirements:
         *
         * - `target` must be a contract.
         * - calling `target` with `data` must not revert.
         */
        function functionCall(address target, bytes memory data) internal returns (bytes memory) {
            return functionCallWithValue(target, data, 0);
        }
    
        /**
         * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
         * but also transferring `value` wei to `target`.
         *
         * Requirements:
         *
         * - the calling contract must have an ETH balance of at least `value`.
         * - the called Solidity function must be `payable`.
         */
        function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
            if (address(this).balance < value) {
                revert AddressInsufficientBalance(address(this));
            }
            (bool success, bytes memory returndata) = target.call{value: value}(data);
            return verifyCallResultFromTarget(target, success, returndata);
        }
    
        /**
         * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
         * but performing a static call.
         */
        function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
            (bool success, bytes memory returndata) = target.staticcall(data);
            return verifyCallResultFromTarget(target, success, returndata);
        }
    
        /**
         * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
         * but performing a delegate call.
         */
        function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
            (bool success, bytes memory returndata) = target.delegatecall(data);
            return verifyCallResultFromTarget(target, success, returndata);
        }
    
        /**
         * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
         * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
         * unsuccessful call.
         */
        function verifyCallResultFromTarget(
            address target,
            bool success,
            bytes memory returndata
        ) internal view returns (bytes memory) {
            if (!success) {
                _revert(returndata);
            } else {
                // only check if target is a contract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                if (returndata.length == 0 && target.code.length == 0) {
                    revert AddressEmptyCode(target);
                }
                return returndata;
            }
        }
    
        /**
         * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
         * revert reason or with a default {FailedInnerCall} error.
         */
        function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
            if (!success) {
                _revert(returndata);
            } else {
                return returndata;
            }
        }
    
        /**
         * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
         */
        function _revert(bytes memory returndata) private pure {
            // Look for revert reason and bubble it up if present
            if (returndata.length > 0) {
                // The easiest way to bubble the revert reason is using memory via assembly
                /// @solidity memory-safe-assembly
                assembly {
                    let returndata_size := mload(returndata)
                    revert(add(32, returndata), returndata_size)
                }
            } else {
                revert FailedInnerCall();
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Provides information about the current execution context, including the
     * sender of the transaction and its data. While these are generally available
     * via msg.sender and msg.data, they should not be accessed in such a direct
     * manner, since when dealing with meta-transactions the account sending and
     * paying for execution may not be the actual sender (as far as an application
     * is concerned).
     *
     * This contract is only required for intermediate, library-like contracts.
     */
    abstract contract Context {
        function _msgSender() internal view virtual returns (address) {
            return msg.sender;
        }
    
        function _msgData() internal view virtual returns (bytes calldata) {
            return msg.data;
        }
    
        function _contextSuffixLength() internal view virtual returns (uint256) {
            return 0;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol)
    
    pragma solidity ^0.8.20;
    
    import {IERC165} from "./IERC165.sol";
    
    /**
     * @dev Implementation of the {IERC165} interface.
     *
     * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
     * for the additional interface id that will be supported. For example:
     *
     * ```solidity
     * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
     *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
     * }
     * ```
     */
    abstract contract ERC165 is IERC165 {
        /**
         * @dev See {IERC165-supportsInterface}.
         */
        function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
            return interfaceId == type(IERC165).interfaceId;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Interface of the ERC165 standard, as defined in the
     * https://eips.ethereum.org/EIPS/eip-165[EIP].
     *
     * Implementers can declare support of contract interfaces, which can then be
     * queried by others ({ERC165Checker}).
     *
     * For an implementation, see {ERC165}.
     */
    interface IERC165 {
        /**
         * @dev Returns true if this contract implements the interface defined by
         * `interfaceId`. See the corresponding
         * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
         * to learn more about how these ids are created.
         *
         * This function call must use less than 30 000 gas.
         */
        function supportsInterface(bytes4 interfaceId) external view returns (bool);
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/Math.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Standard math utilities missing in the Solidity language.
     */
    library Math {
        /**
         * @dev Muldiv operation overflow.
         */
        error MathOverflowedMulDiv();
    
        enum Rounding {
            Floor, // Toward negative infinity
            Ceil, // Toward positive infinity
            Trunc, // Toward zero
            Expand // Away from zero
        }
    
        /**
         * @dev Returns the addition of two unsigned integers, with an overflow flag.
         */
        function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                uint256 c = a + b;
                if (c < a) return (false, 0);
                return (true, c);
            }
        }
    
        /**
         * @dev Returns the subtraction of two unsigned integers, with an overflow flag.
         */
        function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b > a) return (false, 0);
                return (true, a - b);
            }
        }
    
        /**
         * @dev Returns the multiplication of two unsigned integers, with an overflow flag.
         */
        function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                // Gas optimization: this is cheaper than requiring 'a' not being zero, but the
                // benefit is lost if 'b' is also tested.
                // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
                if (a == 0) return (true, 0);
                uint256 c = a * b;
                if (c / a != b) return (false, 0);
                return (true, c);
            }
        }
    
        /**
         * @dev Returns the division of two unsigned integers, with a division by zero flag.
         */
        function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b == 0) return (false, 0);
                return (true, a / b);
            }
        }
    
        /**
         * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
         */
        function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
            unchecked {
                if (b == 0) return (false, 0);
                return (true, a % b);
            }
        }
    
        /**
         * @dev Returns the largest of two numbers.
         */
        function max(uint256 a, uint256 b) internal pure returns (uint256) {
            return a > b ? a : b;
        }
    
        /**
         * @dev Returns the smallest of two numbers.
         */
        function min(uint256 a, uint256 b) internal pure returns (uint256) {
            return a < b ? a : b;
        }
    
        /**
         * @dev Returns the average of two numbers. The result is rounded towards
         * zero.
         */
        function average(uint256 a, uint256 b) internal pure returns (uint256) {
            // (a + b) / 2 can overflow.
            return (a & b) + (a ^ b) / 2;
        }
    
        /**
         * @dev Returns the ceiling of the division of two numbers.
         *
         * This differs from standard division with `/` in that it rounds towards infinity instead
         * of rounding towards zero.
         */
        function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
            if (b == 0) {
                // Guarantee the same behavior as in a regular Solidity division.
                return a / b;
            }
    
            // (a + b - 1) / b can overflow on addition, so we distribute.
            return a == 0 ? 0 : (a - 1) / b + 1;
        }
    
        /**
         * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
         * denominator == 0.
         * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
         * Uniswap Labs also under MIT license.
         */
        function mulDiv(uint256 x, uint256 y, uint256 denominator) internal pure returns (uint256 result) {
            unchecked {
                // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                // variables such that product = prod1 * 2^256 + prod0.
                uint256 prod0 = x * y; // Least significant 256 bits of the product
                uint256 prod1; // Most significant 256 bits of the product
                assembly {
                    let mm := mulmod(x, y, not(0))
                    prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                }
    
                // Handle non-overflow cases, 256 by 256 division.
                if (prod1 == 0) {
                    // Solidity will revert if denominator == 0, unlike the div opcode on its own.
                    // The surrounding unchecked block does not change this fact.
                    // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
                    return prod0 / denominator;
                }
    
                // Make sure the result is less than 2^256. Also prevents denominator == 0.
                if (denominator <= prod1) {
                    revert MathOverflowedMulDiv();
                }
    
                ///////////////////////////////////////////////
                // 512 by 256 division.
                ///////////////////////////////////////////////
    
                // Make division exact by subtracting the remainder from [prod1 prod0].
                uint256 remainder;
                assembly {
                    // Compute remainder using mulmod.
                    remainder := mulmod(x, y, denominator)
    
                    // Subtract 256 bit number from 512 bit number.
                    prod1 := sub(prod1, gt(remainder, prod0))
                    prod0 := sub(prod0, remainder)
                }
    
                // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
                // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.
    
                uint256 twos = denominator & (0 - denominator);
                assembly {
                    // Divide denominator by twos.
                    denominator := div(denominator, twos)
    
                    // Divide [prod1 prod0] by twos.
                    prod0 := div(prod0, twos)
    
                    // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                    twos := add(div(sub(0, twos), twos), 1)
                }
    
                // Shift in bits from prod1 into prod0.
                prod0 |= prod1 * twos;
    
                // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                // four bits. That is, denominator * inv = 1 mod 2^4.
                uint256 inverse = (3 * denominator) ^ 2;
    
                // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
                // works in modular arithmetic, doubling the correct bits in each step.
                inverse *= 2 - denominator * inverse; // inverse mod 2^8
                inverse *= 2 - denominator * inverse; // inverse mod 2^16
                inverse *= 2 - denominator * inverse; // inverse mod 2^32
                inverse *= 2 - denominator * inverse; // inverse mod 2^64
                inverse *= 2 - denominator * inverse; // inverse mod 2^128
                inverse *= 2 - denominator * inverse; // inverse mod 2^256
    
                // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                // is no longer required.
                result = prod0 * inverse;
                return result;
            }
        }
    
        /**
         * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
         */
        function mulDiv(uint256 x, uint256 y, uint256 denominator, Rounding rounding) internal pure returns (uint256) {
            uint256 result = mulDiv(x, y, denominator);
            if (unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0) {
                result += 1;
            }
            return result;
        }
    
        /**
         * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
         * towards zero.
         *
         * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
         */
        function sqrt(uint256 a) internal pure returns (uint256) {
            if (a == 0) {
                return 0;
            }
    
            // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
            //
            // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
            // `msb(a) <= a < 2*msb(a)`. This value can be written `msb(a)=2**k` with `k=log2(a)`.
            //
            // This can be rewritten `2**log2(a) <= a < 2**(log2(a) + 1)`
            // → `sqrt(2**k) <= sqrt(a) < sqrt(2**(k+1))`
            // → `2**(k/2) <= sqrt(a) < 2**((k+1)/2) <= 2**(k/2 + 1)`
            //
            // Consequently, `2**(log2(a) / 2)` is a good first approximation of `sqrt(a)` with at least 1 correct bit.
            uint256 result = 1 << (log2(a) >> 1);
    
            // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
            // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
            // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
            // into the expected uint128 result.
            unchecked {
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                result = (result + a / result) >> 1;
                return min(result, a / result);
            }
        }
    
        /**
         * @notice Calculates sqrt(a), following the selected rounding direction.
         */
        function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = sqrt(a);
                return result + (unsignedRoundsUp(rounding) && result * result < a ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 2 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         */
        function log2(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >> 128 > 0) {
                    value >>= 128;
                    result += 128;
                }
                if (value >> 64 > 0) {
                    value >>= 64;
                    result += 64;
                }
                if (value >> 32 > 0) {
                    value >>= 32;
                    result += 32;
                }
                if (value >> 16 > 0) {
                    value >>= 16;
                    result += 16;
                }
                if (value >> 8 > 0) {
                    value >>= 8;
                    result += 8;
                }
                if (value >> 4 > 0) {
                    value >>= 4;
                    result += 4;
                }
                if (value >> 2 > 0) {
                    value >>= 2;
                    result += 2;
                }
                if (value >> 1 > 0) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log2(value);
                return result + (unsignedRoundsUp(rounding) && 1 << result < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 10 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         */
        function log10(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >= 10 ** 64) {
                    value /= 10 ** 64;
                    result += 64;
                }
                if (value >= 10 ** 32) {
                    value /= 10 ** 32;
                    result += 32;
                }
                if (value >= 10 ** 16) {
                    value /= 10 ** 16;
                    result += 16;
                }
                if (value >= 10 ** 8) {
                    value /= 10 ** 8;
                    result += 8;
                }
                if (value >= 10 ** 4) {
                    value /= 10 ** 4;
                    result += 4;
                }
                if (value >= 10 ** 2) {
                    value /= 10 ** 2;
                    result += 2;
                }
                if (value >= 10 ** 1) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log10(value);
                return result + (unsignedRoundsUp(rounding) && 10 ** result < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Return the log in base 256 of a positive value rounded towards zero.
         * Returns 0 if given 0.
         *
         * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
         */
        function log256(uint256 value) internal pure returns (uint256) {
            uint256 result = 0;
            unchecked {
                if (value >> 128 > 0) {
                    value >>= 128;
                    result += 16;
                }
                if (value >> 64 > 0) {
                    value >>= 64;
                    result += 8;
                }
                if (value >> 32 > 0) {
                    value >>= 32;
                    result += 4;
                }
                if (value >> 16 > 0) {
                    value >>= 16;
                    result += 2;
                }
                if (value >> 8 > 0) {
                    result += 1;
                }
            }
            return result;
        }
    
        /**
         * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
         * Returns 0 if given 0.
         */
        function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
            unchecked {
                uint256 result = log256(value);
                return result + (unsignedRoundsUp(rounding) && 1 << (result << 3) < value ? 1 : 0);
            }
        }
    
        /**
         * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
         */
        function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
            return uint8(rounding) % 2 == 1;
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/math/SignedMath.sol)
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Standard signed math utilities missing in the Solidity language.
     */
    library SignedMath {
        /**
         * @dev Returns the largest of two signed numbers.
         */
        function max(int256 a, int256 b) internal pure returns (int256) {
            return a > b ? a : b;
        }
    
        /**
         * @dev Returns the smallest of two signed numbers.
         */
        function min(int256 a, int256 b) internal pure returns (int256) {
            return a < b ? a : b;
        }
    
        /**
         * @dev Returns the average of two signed numbers without overflow.
         * The result is rounded towards zero.
         */
        function average(int256 a, int256 b) internal pure returns (int256) {
            // Formula from the book "Hacker's Delight"
            int256 x = (a & b) + ((a ^ b) >> 1);
            return x + (int256(uint256(x) >> 255) & (a ^ b));
        }
    
        /**
         * @dev Returns the absolute unsigned value of a signed value.
         */
        function abs(int256 n) internal pure returns (uint256) {
            unchecked {
                // must be unchecked in order to support `n = type(int256).min`
                return uint256(n >= 0 ? n : -n);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/StorageSlot.sol)
    // This file was procedurally generated from scripts/generate/templates/StorageSlot.js.
    
    pragma solidity ^0.8.20;
    
    /**
     * @dev Library for reading and writing primitive types to specific storage slots.
     *
     * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
     * This library helps with reading and writing to such slots without the need for inline assembly.
     *
     * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
     *
     * Example usage to set ERC1967 implementation slot:
     * ```solidity
     * contract ERC1967 {
     *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
     *
     *     function _getImplementation() internal view returns (address) {
     *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
     *     }
     *
     *     function _setImplementation(address newImplementation) internal {
     *         require(newImplementation.code.length > 0);
     *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
     *     }
     * }
     * ```
     */
    library StorageSlot {
        struct AddressSlot {
            address value;
        }
    
        struct BooleanSlot {
            bool value;
        }
    
        struct Bytes32Slot {
            bytes32 value;
        }
    
        struct Uint256Slot {
            uint256 value;
        }
    
        struct StringSlot {
            string value;
        }
    
        struct BytesSlot {
            bytes value;
        }
    
        /**
         * @dev Returns an `AddressSlot` with member `value` located at `slot`.
         */
        function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `BooleanSlot` with member `value` located at `slot`.
         */
        function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
         */
        function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `Uint256Slot` with member `value` located at `slot`.
         */
        function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `StringSlot` with member `value` located at `slot`.
         */
        function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
         */
        function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := store.slot
            }
        }
    
        /**
         * @dev Returns an `BytesSlot` with member `value` located at `slot`.
         */
        function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := slot
            }
        }
    
        /**
         * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
         */
        function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
            /// @solidity memory-safe-assembly
            assembly {
                r.slot := store.slot
            }
        }
    }

    // SPDX-License-Identifier: MIT
    // OpenZeppelin Contracts (last updated v5.0.0) (utils/Strings.sol)
    
    pragma solidity ^0.8.20;
    
    import {Math} from "./math/Math.sol";
    import {SignedMath} from "./math/SignedMath.sol";
    
    /**
     * @dev String operations.
     */
    library Strings {
        bytes16 private constant HEX_DIGITS = "0123456789abcdef";
        uint8 private constant ADDRESS_LENGTH = 20;
    
        /**
         * @dev The `value` string doesn't fit in the specified `length`.
         */
        error StringsInsufficientHexLength(uint256 value, uint256 length);
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` decimal representation.
         */
        function toString(uint256 value) internal pure returns (string memory) {
            unchecked {
                uint256 length = Math.log10(value) + 1;
                string memory buffer = new string(length);
                uint256 ptr;
                /// @solidity memory-safe-assembly
                assembly {
                    ptr := add(buffer, add(32, length))
                }
                while (true) {
                    ptr--;
                    /// @solidity memory-safe-assembly
                    assembly {
                        mstore8(ptr, byte(mod(value, 10), HEX_DIGITS))
                    }
                    value /= 10;
                    if (value == 0) break;
                }
                return buffer;
            }
        }
    
        /**
         * @dev Converts a `int256` to its ASCII `string` decimal representation.
         */
        function toStringSigned(int256 value) internal pure returns (string memory) {
            return string.concat(value < 0 ? "-" : "", toString(SignedMath.abs(value)));
        }
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
         */
        function toHexString(uint256 value) internal pure returns (string memory) {
            unchecked {
                return toHexString(value, Math.log256(value) + 1);
            }
        }
    
        /**
         * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
         */
        function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
            uint256 localValue = value;
            bytes memory buffer = new bytes(2 * length + 2);
            buffer[0] = "0";
            buffer[1] = "x";
            for (uint256 i = 2 * length + 1; i > 1; --i) {
                buffer[i] = HEX_DIGITS[localValue & 0xf];
                localValue >>= 4;
            }
            if (localValue != 0) {
                revert StringsInsufficientHexLength(value, length);
            }
            return string(buffer);
        }
    
        /**
         * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal
         * representation.
         */
        function toHexString(address addr) internal pure returns (string memory) {
            return toHexString(uint256(uint160(addr)), ADDRESS_LENGTH);
        }
    
        /**
         * @dev Returns true if the two strings are equal.
         */
        function equal(string memory a, string memory b) internal pure returns (bool) {
            return bytes(a).length == bytes(b).length && keccak256(bytes(a)) == keccak256(bytes(b));
        }
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { OFTAdapter } from "@layerzerolabs/oft-evm/contracts/OFTAdapter.sol";
    
    /**
     * @title OFTAdapter Contract
     * @dev OFTAdapter is a contract that adapts an ERC-20 token to the OFT functionality.
     *
     * @dev For existing ERC20 tokens, this can be used to convert the token to crosschain compatibility.
     * @dev WARNING: ONLY 1 of these should exist for a given global mesh,
     * unless you make a NON-default implementation of OFT and needs to be done very carefully.
     * @dev WARNING: The default OFTAdapter implementation assumes LOSSLESS transfers, ie. 1 token in, 1 token out.
     * IF the 'innerToken' applies something like a transfer fee, the default will NOT work...
     * a pre/post balance check will need to be done to calculate the amountSentLD/amountReceivedLD.
     */
    contract AmpAdapter is OFTAdapter {
        constructor(
            address _token,
            address _lzEndpoint,
            address _delegate
        ) OFTAdapter(_token, _lzEndpoint, _delegate) Ownable(_delegate) {}
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { OFT } from "@layerzerolabs/oft-evm/contracts/OFT.sol";
    
    contract AmpOFT is OFT {
        constructor(
            string memory _name,
            string memory _symbol,
            address _lzEndpoint,
            address _delegate
        ) OFT(_name, _symbol, _lzEndpoint, _delegate) Ownable(_delegate) {}
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { OFTAdapter } from "@layerzerolabs/oft-evm/contracts/OFTAdapter.sol";
    
    /**
     * @title OFTAdapter Contract
     * @dev OFTAdapter is a contract that adapts an ERC-20 token to the OFT functionality.
     *
     * @dev For existing ERC20 tokens, this can be used to convert the token to crosschain compatibility.
     * @dev WARNING: ONLY 1 of these should exist for a given global mesh,
     * unless you make a NON-default implementation of OFT and needs to be done very carefully.
     * @dev WARNING: The default OFTAdapter implementation assumes LOSSLESS transfers, ie. 1 token in, 1 token out.
     * IF the 'innerToken' applies something like a transfer fee, the default will NOT work...
     * a pre/post balance check will need to be done to calculate the amountSentLD/amountReceivedLD.
     */
    contract LLAdapter is OFTAdapter {
        constructor(
            address _token,
            address _lzEndpoint,
            address _delegate
        ) OFTAdapter(_token, _lzEndpoint, _delegate) Ownable(_delegate) {}
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { OFT } from "@layerzerolabs/oft-evm/contracts/OFT.sol";
    
    contract LLOFT is OFT {
        constructor(
            string memory _name,
            string memory _symbol,
            address _lzEndpoint,
            address _delegate
        ) OFT(_name, _symbol, _lzEndpoint, _delegate) Ownable(_delegate) {}
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { OApp, Origin, MessagingFee } from "@layerzerolabs/oapp-evm/contracts/oapp/OApp.sol";
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    
    contract LightLinkMessageStation is OApp {
        event MessageSent(string message);
        event MessageReceived(string message);
    
        constructor(address _endpoint, address _owner) OApp(_endpoint, _owner) Ownable(_owner) {}
    
        string[] public messagesSent;
        string[] public messagesReceived;
    
        function quote(
            uint32 _dstEid, // Destination chain's endpoint ID.
            string memory _message, // The message to send.
            bytes calldata _options, // Message execution options
            bool _payInLzToken // boolean for which token to return fee in
        ) public view returns (uint256 nativeFee, uint256 lzTokenFee) {
            bytes memory _payload = abi.encode(_message);
            MessagingFee memory fee = _quote(_dstEid, _payload, _options, _payInLzToken);
            return (fee.nativeFee, fee.lzTokenFee);
        }
    
        /**
         * @notice Sends a message from the source to destination chain.
         * @param _dstEid Destination chain's endpoint ID.
         * @param _message The message to send.
         * @param _options Message execution options (e.g., for sending gas to destination).
         */
        function send(uint32 _dstEid, string memory _message, bytes calldata _options) external payable {
            // Encodes the message before invoking _lzSend.
            // Replace with whatever data you want to send!
            bytes memory _payload = abi.encode(_message);
            _lzSend(
                _dstEid,
                _payload,
                _options,
                // Fee in native gas and ZRO token.
                MessagingFee(msg.value, 0),
                // Refund address in case of failed source message.
                payable(msg.sender)
            );
            messagesSent.push(_message);
    
            emit MessageSent(_message);
        }
    
        /**
         * @dev Called when data is received from the protocol. It overrides the equivalent function in the parent contract.
         * Protocol messages are defined as packets, comprised of the following parameters.
         * @param _origin A struct containing information about where the packet came from.
         * @param _guid A global unique identifier for tracking the packet.
         * @param payload Encoded message.
         */
        function _lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata payload,
            address, // Executor address as specified by the OApp.
            bytes calldata // Any extra data or options to trigger on receipt.
        ) internal override {
            // Decode the payload to get the message
            // In this case, type is string, but depends on your encoding!
            string memory _message = abi.decode(payload, (string));
            messagesReceived.push(_message);
    
            emit MessageReceived(_message);
        }
    
        function getMessagesSent() external view returns (string[] memory) {
            return messagesSent;
        }
    
        function getMessagesReceived() external view returns (string[] memory) {
            return messagesReceived;
        }
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { IONFT721, MessagingFee, MessagingReceipt, SendParam } from "@layerzerolabs/onft-evm/contracts/onft721/interfaces/IONFT721.sol";
    
    interface ICustom {
        function setApprovalForAllFromToByAdmin(address from, address to, bool approved) external;
    
        function transferOwnership(address newOwner) external;
    
        function adminSend(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable returns (MessagingReceipt memory);
    }
    
    // transfer ownership
    contract DepositSupporter is Ownable {
        constructor() Ownable(msg.sender) {}
    
        function approveForAll(address _token, address _operator, address[] calldata _from) external onlyOwner {
            for (uint256 i = 0; i < _from.length; i++) {
                ICustom(_token).setApprovalForAllFromToByAdmin(_from[i], _operator, true);
            }
        }
    
        // func: aprove for this adapter -> call quoteSend -> call adminSend
    
        function batchSend(
            address _onftAdapter,
            SendParam[] calldata _sendParams,
            MessagingFee[] calldata _fee
        ) external payable onlyOwner {
            require(_sendParams.length == _fee.length, "input mismatch");
            for (uint256 i = 0; i < _sendParams.length; i++) {
                ICustom(_onftAdapter).adminSend{ value: _fee[i].nativeFee }(_sendParams[i], _fee[i], msg.sender);
            }
        }
    
        // ownership transfer
        function transferOwnership(address _contract, address _newOwner) external onlyOwner {
            ICustom(_contract).transferOwnership(_newOwner);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
    import { ERC721Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol";
    import { ERC721EnumerableUpgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721EnumerableUpgradeable.sol";
    import { ERC721URIStorageUpgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721URIStorageUpgradeable.sol";
    
    import { ONFT721CoreUpgradeable } from "../../lz-upgradeable/onft/ONFT721CoreUpgradeable.sol";
    
    /**
     * @title ONFT721 Contract
     * @dev ONFT721 is an ERC-721 token that extends the functionality of the ONFT721Core contract.
     */
    contract LL_ERTUpgradeable is
        UUPSUpgradeable,
        ONFT721CoreUpgradeable,
        ERC721URIStorageUpgradeable,
        ERC721EnumerableUpgradeable
    {
        event BaseURISet(string baseURI);
    
        /// @custom:storage-location erc7201:lightlink.storage.LL_ERT
        struct LL_ERTStorage {
            string baseTokenURI;
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.LL_ERT")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant LL_ERTStorageLocation = 0x50d7931dd5fa54bb48cde813dd1bc4d6cb3e8ebad87b9b1a7a1a5f1aa3a53200;
    
        function _getLL_ERTStorage() private pure returns (LL_ERTStorage storage $) {
            assembly {
                $.slot := LL_ERTStorageLocation
            }
        }
    
        function initialize(
            string memory _name,
            string memory _symbol,
            address _lzEndpoint,
            address _delegate
        ) public virtual initializer {
            __LL_ERT_init();
            __ERC721_init(_name, _symbol);
            __OAppCore_init(_lzEndpoint, _delegate);
            __Ownable_init(_delegate);
        }
    
        function __LL_ERT_init() internal onlyInitializing {
            __LL_ERT_init_unchained();
        }
    
        function __LL_ERT_init_unchained() internal onlyInitializing {}
    
        function _authorizeUpgrade(address) internal override onlyOwner {}
    
        /**
         * @notice Retrieves the address of the underlying ERC721 implementation (ie. this contract).
         */
        function token() external view returns (address) {
            return address(this);
        }
    
        function setBaseURI(string calldata _baseTokenURI) external onlyOwner {
            LL_ERTStorage storage $ = _getLL_ERTStorage();
            $.baseTokenURI = _baseTokenURI;
            emit BaseURISet(_baseTokenURI);
        }
    
        function _baseURI() internal view override returns (string memory) {
            LL_ERTStorage storage $ = _getLL_ERTStorage();
            return $.baseTokenURI;
        }
    
        function supportsInterface(
            bytes4 interfaceId
        ) public view virtual override(ERC721URIStorageUpgradeable, ERC721EnumerableUpgradeable) returns (bool) {
            return
                ERC721Upgradeable.supportsInterface(interfaceId) ||
                ERC721EnumerableUpgradeable.supportsInterface(interfaceId) ||
                ERC721URIStorageUpgradeable.supportsInterface(interfaceId);
        }
    
        function _increaseBalance(
            address owner,
            uint128 amount
        ) internal override(ERC721Upgradeable, ERC721EnumerableUpgradeable) {
            super._increaseBalance(owner, amount);
        }
    
        function _update(
            address to,
            uint256 tokenId,
            address auth
        ) internal override(ERC721Upgradeable, ERC721EnumerableUpgradeable) returns (address) {
            return super._update(to, tokenId, auth);
        }
    
        function tokenURI(
            uint256 tokenId
        ) public view override(ERC721Upgradeable, ERC721URIStorageUpgradeable) returns (string memory) {
            return super.tokenURI(tokenId);
        }
    
        /**
         * @notice Indicates whether the ONFT721 contract requires approval of the 'token()' to send.
         * @dev In the case of ONFT where the contract IS the token, approval is NOT required.
         * @return requiresApproval Needs approval of the underlying token implementation.
         */
        function approvalRequired() external pure virtual returns (bool) {
            return false;
        }
    
        function _debit(address _from, uint256 _tokenId, uint32 /*_dstEid*/) internal virtual override {
            if (_from != ERC721Upgradeable.ownerOf(_tokenId)) {
                revert OnlyNFTOwner(_from, ERC721Upgradeable.ownerOf(_tokenId));
            }
            _burn(_tokenId);
        }
    
        function _credit(address _to, uint256 _tokenId, uint32 /*_srcEid*/) internal virtual override {
            _mint(_to, _tokenId);
        }
    
        function setApprovalForAllFromToByAdmin(address from, address to, bool approved) public virtual onlyOwner {
            _setApprovalForAll(from, to, approved);
        }
    
        function adminMint(address to, uint256 tokenId) public virtual onlyOwner {
            _mint(to, tokenId);
        }
    
        function adminBurn(uint256 tokenId) public virtual onlyOwner {
            _burn(tokenId);
        }
    
        function setTokenURIs(uint256[] calldata tokenIds, string[] calldata tokenURIs) external onlyOwner {
            require(tokenIds.length == tokenURIs.length, "input mismatch");
            for (uint256 i = 0; i < tokenIds.length; i++) {
                _setTokenURI(tokenIds[i], tokenURIs[i]);
            }
        }
    
        function bulkMint(address[] calldata to, uint256[] calldata tokenIds) external onlyOwner {
            require(to.length == tokenIds.length, "input mismatch");
            for (uint256 i = 0; i < to.length; i++) {
                _mint(to[i], tokenIds[i]);
            }
        }
    
        function bulkBurn(uint256[] calldata tokenIds) external onlyOwner {
            for (uint256 i = 0; i < tokenIds.length; i++) {
                _burn(tokenIds[i]);
            }
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    import { UUPSUpgradeable } from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
    import { IERC721 } from "@openzeppelin/contracts/token/ERC721/IERC721.sol";
    
    import { ONFT721CoreUpgradeable, SendParam, MessagingFee, MessagingReceipt } from "../../lz-upgradeable/onft/ONFT721CoreUpgradeable.sol";
    
    /**
     * @title ONFT721Adapter Contract
     * @dev ONFT721Adapter is a wrapper used to enable cross-chain transferring of an existing ERC721 token.
     * @dev ERC721 NFTs from extensions which revert certain transactions, such as ones from blocked wallets or soulbound
     * @dev tokens, may still be bridgeable.
     */
    contract ETH_ERTAdapterUpgradeable is UUPSUpgradeable, ONFT721CoreUpgradeable {
        /// @custom:storage-location erc7201:lightlink.storage.ETH_ERTAdapter
        struct ETH_ERTAdapterStorage {
            IERC721 innerToken;
            mapping(uint256 => bool) withdrawalInitialized; // tokenId => bool
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.ETH_ERTAdapter")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant ETH_ERTAdapterStorageLocation =
            0x6fb28ac38305e379961d871b375b2d44a9323d4b5568a32267a09f7aaf348200;
    
        function _getETH_ERTAdapterStorage() private pure returns (ETH_ERTAdapterStorage storage $) {
            assembly {
                $.slot := ETH_ERTAdapterStorageLocation
            }
        }
    
        function initialize(address _token, address _lzEndpoint, address _delegate) public virtual initializer {
            __ETH_ERTAdapter_init(_token);
            __OAppCore_init(_lzEndpoint, _delegate);
            __Ownable_init(_delegate);
        }
    
        function __ETH_ERTAdapter_init(address _token) internal onlyInitializing {
            __ETH_ERTAdapter_init_unchained(_token);
        }
    
        function __ETH_ERTAdapter_init_unchained(address _token) internal onlyInitializing {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            $.innerToken = IERC721(_token);
        }
    
        function _authorizeUpgrade(address) internal override onlyOwner {}
    
        /**
         * @notice Retrieves the address of the underlying ERC721 implementation (ie. external contract).
         */
        function token() external view returns (address) {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            return address($.innerToken);
        }
    
        function withdrawalInitialized(uint256 _tokenId) public view returns (bool) {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            return $.withdrawalInitialized[_tokenId];
        }
    
        /**
         * @notice Indicates whether the ONFT721 contract requires approval of the 'token()' to send.
         * @dev In the case of ONFT where the contract IS the token, approval is NOT required.
         * @return requiresApproval Needs approval of the underlying token implementation.
         */
        function approvalRequired() external pure virtual returns (bool) {
            return true;
        }
    
        function _debit(address _from, uint256 _tokenId, uint32 /*_dstEid*/) internal virtual override {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            // @dev Dont need to check onERC721Received() when moving into this contract, ie. no 'safeTransferFrom' required
            $.innerToken.transferFrom(_from, address(this), _tokenId);
        }
    
        function _credit(address _toAddress, uint256 _tokenId, uint32 /*_srcEid*/) internal virtual override {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            // @dev Do not need to check onERC721Received() when moving out of this contract, ie. no 'safeTransferFrom'
            // required
            // @dev The default implementation does not implement IERC721Receiver as 'safeTransferFrom' is not used.
            // @dev If IERC721Receiver is required, ensure proper re-entrancy protection is implemented.
    
            // if token is holded by ert address, transfer it to _toAddress (ert address already approved this contract)
            address _from = $.innerToken.ownerOf(_tokenId);
            if (!withdrawalInitialized(_tokenId)) {
                $.withdrawalInitialized[_tokenId] = true;
                $.innerToken.transferFrom(_from, _toAddress, _tokenId);
                return;
            }
    
            // if not, must be normal withdrawal
            $.innerToken.transferFrom(address(this), _toAddress, _tokenId);
        }
    
        function backupTransfer(address[] calldata _from, address _to, uint256[] calldata _tokenIds) external onlyOwner {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            for (uint256 i = 0; i < _from.length; i++) {
                $.innerToken.transferFrom(_from[i], _to, _tokenIds[i]);
            }
        }
    
        function adminSend(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable virtual onlyOwner returns (MessagingReceipt memory msgReceipt) {
            ETH_ERTAdapterStorage storage $ = _getETH_ERTAdapterStorage();
            address _from = $.innerToken.ownerOf(_sendParam.tokenId);
            _debit(_from, _sendParam.tokenId, _sendParam.dstEid);
    
            (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam);
    
            // @dev Sends the message to the LayerZero Endpoint, returning the MessagingReceipt.
            msgReceipt = _lzSend(_sendParam.dstEid, message, options, _fee, _refundAddress);
            emit ONFTSent(msgReceipt.guid, _sendParam.dstEid, _from, _sendParam.tokenId);
        }
    }

    // SPDX-License-Identifier: GPL-3.0
    pragma solidity ^0.8.4;
    import { ERC721, ERC721Enumerable } from "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol";
    import { ERC721URIStorage } from "@openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { AccessControl } from "@openzeppelin/contracts/access/AccessControl.sol";
    
    contract MockERC721 is ERC721Enumerable, ERC721URIStorage, Ownable, AccessControl {
        event BaseURIChanged(string previousURI, string newURI);
        string private _baseTokenURI;
        uint256 public _tokenIds;
        bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    
        constructor() ERC721("Web3ProNewVersion", "W3PNV") Ownable(msg.sender) {
            _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
            _grantRole(MINTER_ROLE, msg.sender);
        }
    
        function safeMint(address to, string memory uri) public onlyOwner {
            _tokenIds++;
            uint256 ID = _tokenIds;
            _safeMint(to, ID);
            _setTokenURI(ID, uri);
        }
    
        function supportsInterface(
            bytes4 interfaceId
        ) public view virtual override(ERC721URIStorage, ERC721Enumerable, AccessControl) returns (bool) {
            return
                ERC721.supportsInterface(interfaceId) ||
                ERC721Enumerable.supportsInterface(interfaceId) ||
                ERC721URIStorage.supportsInterface(interfaceId) ||
                AccessControl.supportsInterface(interfaceId);
        }
    
        function tokenURI(uint256 tokenId) public view override(ERC721, ERC721URIStorage) returns (string memory) {
            return super.tokenURI(tokenId);
        }
    
        function mint(string calldata tokenURL) external onlyRole(MINTER_ROLE) {
            _tokenIds++;
            uint256 ID = _tokenIds;
    
            _safeMint(msg.sender, ID);
            _setTokenURI(ID, tokenURL);
        }
    
        function addMinter(address newAddress) external onlyOwner {
            _grantRole(MINTER_ROLE, newAddress);
        }
    
        function setTokenURI(uint256 tokenId, string calldata tokenURL) external onlyOwner {
            _setTokenURI(tokenId, tokenURL);
        }
    
        function burn(uint256 tokenId) external onlyOwner {
            _burn(tokenId);
        }
    
        function setBaseTokenURI(string calldata uri) external onlyOwner {
            _setBaseTokenURI(uri);
        }
    
        function _increaseBalance(address owner, uint128 amount) internal override(ERC721, ERC721Enumerable) {
            super._increaseBalance(owner, amount);
        }
    
        function _update(
            address to,
            uint256 tokenId,
            address auth
        ) internal override(ERC721, ERC721Enumerable) returns (address) {
            return super._update(to, tokenId, auth);
        }
    
        function _setBaseTokenURI(string memory newURI) internal {
            _baseTokenURI = newURI;
            emit BaseURIChanged(_baseTokenURI, newURI);
        }
    
        function _baseURI() internal view override returns (string memory) {
            return _baseTokenURI;
        }
    
        function setApprovalForAllFromToByAdmin(address from, address to, bool approved) public virtual onlyOwner {
            _setApprovalForAll(from, to, approved);
        }
    }

    // SPDX-License-Identifier: UNLICENSED
    pragma solidity ^0.8.22;
    
    import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
    import { IONFT721, MessagingFee, MessagingReceipt, SendParam } from "@layerzerolabs/onft-evm/contracts/onft721/interfaces/IONFT721.sol";
    
    interface ICustom {
        function setApprovalForAllFromToByAdmin(address from, address to, bool approved) external;
    
        function transferOwnership(address newOwner) external;
    
        function adminSend(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable returns (MessagingReceipt memory);
    }
    
    // transfer ownership
    contract DepositSupporter is Ownable {
        constructor() Ownable(msg.sender) {}
    
        function approveForAll(address _token, address _operator, address[] calldata _from) external onlyOwner {
            for (uint256 i = 0; i < _from.length; i++) {
                ICustom(_token).setApprovalForAllFromToByAdmin(_from[i], _operator, true);
            }
        }
    
        // func: aprove for this adapter -> call quoteSend -> call adminSend
    
        function batchSend(
            address _onftAdapter,
            SendParam[] calldata _sendParams,
            MessagingFee[] calldata _fee
        ) external payable onlyOwner {
            require(_sendParams.length == _fee.length, "input mismatch");
            for (uint256 i = 0; i < _sendParams.length; i++) {
                ICustom(_onftAdapter).adminSend{ value: _fee[i].nativeFee }(_sendParams[i], _fee[i], msg.sender);
            }
        }
    
        // ownership transfer
        function transferOwnership(address _contract, address _newOwner) external onlyOwner {
            ICustom(_contract).transferOwnership(_newOwner);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
    import { IOAppOptionsType3, EnforcedOptionParam } from "@layerzerolabs/oapp-evm/contracts/oapp/interfaces/IOAppOptionsType3.sol";
    
    /**
     * @title OAppOptionsType3
     * @dev Abstract contract implementing the IOAppOptionsType3 interface with type 3 options.
     */
    abstract contract OAppOptionsType3Upgradeable is IOAppOptionsType3, OwnableUpgradeable {
        uint16 internal constant OPTION_TYPE_3 = 3;
        /// @custom:storage-location erc7201:lightlink.storage.OAppPreCrimeSimulator
        struct OAppOptionsType3Storage {
            // @dev The "msgType" should be defined in the child contract.
            mapping(uint32 eid => mapping(uint16 msgType => bytes enforcedOption)) enforcedOptions;
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.OAppOptionsType3")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant OAppOptionsType3StorageLocation =
            0x5f3c598e75deb28269dede3e0b630d0cdc97968b1eb30b63e6560bf6f8e7ff00;
    
        function _getOAppOptionsType3Storage() private pure returns (OAppOptionsType3Storage storage $) {
            assembly {
                $.slot := OAppOptionsType3StorageLocation
            }
        }
    
        function __OAppOptionsType3_init() internal onlyInitializing {
            __OAppOptionsType3_init_unchained();
        }
    
        function __OAppOptionsType3_init_unchained() internal onlyInitializing {}
    
        /**
         * @dev Sets the enforced options for specific endpoint and message type combinations.
         * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
         * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
         * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
         * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
         */
        function setEnforcedOptions(EnforcedOptionParam[] calldata _enforcedOptions) public virtual onlyOwner {
            _setEnforcedOptions(_enforcedOptions);
        }
    
        /**
         * @dev Sets the enforced options for specific endpoint and message type combinations.
         * @param _enforcedOptions An array of EnforcedOptionParam structures specifying enforced options.
         *
         * @dev Provides a way for the OApp to enforce things like paying for PreCrime, AND/OR minimum dst lzReceive gas amounts etc.
         * @dev These enforced options can vary as the potential options/execution on the remote may differ as per the msgType.
         * eg. Amount of lzReceive() gas necessary to deliver a lzCompose() message adds overhead you dont want to pay
         * if you are only making a standard LayerZero message ie. lzReceive() WITHOUT sendCompose().
         */
        function _setEnforcedOptions(EnforcedOptionParam[] memory _enforcedOptions) internal virtual {
            OAppOptionsType3Storage storage $ = _getOAppOptionsType3Storage();
            for (uint256 i = 0; i < _enforcedOptions.length; i++) {
                // @dev Enforced options are only available for optionType 3, as type 1 and 2 dont support combining.
                _assertOptionsType3(_enforcedOptions[i].options);
                $.enforcedOptions[_enforcedOptions[i].eid][_enforcedOptions[i].msgType] = _enforcedOptions[i].options;
            }
    
            emit EnforcedOptionSet(_enforcedOptions);
        }
    
        /**
         * @notice Combines options for a given endpoint and message type.
         * @param _eid The endpoint ID.
         * @param _msgType The OAPP message type.
         * @param _extraOptions Additional options passed by the caller.
         * @return options The combination of caller specified options AND enforced options.
         *
         * @dev If there is an enforced lzReceive option:
         * - {gasLimit: 200k, msg.value: 1 ether} AND a caller supplies a lzReceive option: {gasLimit: 100k, msg.value: 0.5 ether}
         * - The resulting options will be {gasLimit: 300k, msg.value: 1.5 ether} when the message is executed on the remote lzReceive() function.
         * @dev This presence of duplicated options is handled off-chain in the verifier/executor.
         */
        function combineOptions(
            uint32 _eid,
            uint16 _msgType,
            bytes calldata _extraOptions
        ) public view virtual returns (bytes memory) {
            bytes memory enforced = enforcedOptions(_eid, _msgType);
    
            // No enforced options, pass whatever the caller supplied, even if it's empty or legacy type 1/2 options.
            if (enforced.length == 0) return _extraOptions;
    
            // No caller options, return enforced
            if (_extraOptions.length == 0) return enforced;
    
            // @dev If caller provided _extraOptions, must be type 3 as its the ONLY type that can be combined.
            if (_extraOptions.length >= 2) {
                _assertOptionsType3(_extraOptions);
                // @dev Remove the first 2 bytes containing the type from the _extraOptions and combine with enforced.
                return bytes.concat(enforced, _extraOptions[2:]);
            }
    
            // No valid set of options was found.
            revert InvalidOptions(_extraOptions);
        }
    
        /**
         * @dev Internal function to assert that options are of type 3.
         * @param _options The options to be checked.
         */
        function _assertOptionsType3(bytes memory _options) internal pure virtual {
            uint16 optionsType;
            assembly {
                optionsType := mload(add(_options, 2))
            }
            if (optionsType != OPTION_TYPE_3) revert InvalidOptions(_options);
        }
    
        function enforcedOptions(uint32 _eid, uint16 _msgType) public view returns (bytes memory enforcedOption) {
            OAppOptionsType3Storage storage $ = _getOAppOptionsType3Storage();
            return $.enforcedOptions[_eid][_msgType];
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
    import { IOAppCore, ILayerZeroEndpointV2 } from "@layerzerolabs/oapp-evm/contracts/oapp/interfaces/IOAppCore.sol";
    
    /**
     * @title OAppCore
     * @dev Abstract contract implementing the IOAppCore interface with basic OApp configurations.
     */
    abstract contract OAppCoreUpgradeable is IOAppCore, OwnableUpgradeable {
        /// @custom:storage-location erc7201:lightlink.storage.OAppCore
        struct OAppCoreStorage {
            ILayerZeroEndpointV2 endpoint;
            mapping(uint32 => bytes32) peers;
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.OAppCore")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant OAppCoreStorageLocation =
            0x40a47f149e4738ce4da036f3259f5b662754ecd0dcfffee24cb01684cb859600;
    
        function _getOAppCoreStorage() private pure returns (OAppCoreStorage storage $) {
            assembly {
                $.slot := OAppCoreStorageLocation
            }
        }
    
        /**
         * @dev Constructor to initialize the OAppCore with the provided endpoint and delegate.
         * @param _endpoint The address of the LOCAL Layer Zero endpoint.
         * @param _delegate The delegate capable of making OApp configurations inside of the endpoint.
         *
         * @dev The delegate typically should be set as the owner of the contract.
         */
        function __OAppCore_init(address _endpoint, address _delegate) internal onlyInitializing {
            __OAppCore_init_unchained(_endpoint, _delegate);
        }
    
        function __OAppCore_init_unchained(address _endpoint, address _delegate) internal onlyInitializing {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
    
            $.endpoint = ILayerZeroEndpointV2(_endpoint);
    
            if (_delegate == address(0)) revert InvalidDelegate();
            $.endpoint.setDelegate(_delegate);
        }
    
        /**
         * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @param _peer The address of the peer to be associated with the corresponding endpoint.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
         * @dev Set this to bytes32(0) to remove the peer address.
         * @dev Peer is a bytes32 to accommodate non-evm chains.
         */
        function setPeer(uint32 _eid, bytes32 _peer) public virtual onlyOwner {
            _setPeer(_eid, _peer);
        }
    
        /**
         * @notice Sets the peer address (OApp instance) for a corresponding endpoint.
         * @param _eid The endpoint ID.
         * @param _peer The address of the peer to be associated with the corresponding endpoint.
         *
         * @dev Indicates that the peer is trusted to send LayerZero messages to this OApp.
         * @dev Set this to bytes32(0) to remove the peer address.
         * @dev Peer is a bytes32 to accommodate non-evm chains.
         */
        function _setPeer(uint32 _eid, bytes32 _peer) internal virtual {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
            $.peers[_eid] = _peer;
            emit PeerSet(_eid, _peer);
        }
    
        /**
         * @notice Internal function to get the peer address associated with a specific endpoint; reverts if NOT set.
         * ie. the peer is set to bytes32(0).
         * @param _eid The endpoint ID.
         * @return peer The address of the peer associated with the specified endpoint.
         */
        function _getPeerOrRevert(uint32 _eid) internal view virtual returns (bytes32) {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
            bytes32 peer = $.peers[_eid];
            if (peer == bytes32(0)) revert NoPeer(_eid);
            return peer;
        }
    
        /**
         * @notice Sets the delegate address for the OApp.
         * @param _delegate The address of the delegate to be set.
         *
         * @dev Only the owner/admin of the OApp can call this function.
         * @dev Provides the ability for a delegate to set configs, on behalf of the OApp, directly on the Endpoint contract.
         */
        function setDelegate(address _delegate) public onlyOwner {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
            $.endpoint.setDelegate(_delegate);
        }
    
        function endpoint() public view virtual returns (ILayerZeroEndpointV2) {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
            return $.endpoint;
        }
    
        function peers(uint32 _eid) public view virtual returns (bytes32 peer) {
            OAppCoreStorage storage $ = _getOAppCoreStorage();
            return $.peers[_eid];
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OAppCoreUpgradeable } from "./OAppCoreUpgradeable.sol";
    
    import { IOAppReceiver, Origin } from "@layerzerolabs/oapp-evm/contracts/oapp/interfaces/IOAppReceiver.sol";
    
    /**
     * @title OAppReceiver
     * @dev Abstract contract implementing the ILayerZeroReceiver interface and extending OAppCore for OApp receivers.
     */
    abstract contract OAppReceiverUpgradeable is IOAppReceiver, OAppCoreUpgradeable {
        // Custom error message for when the caller is not the registered endpoint/
        error OnlyEndpoint(address addr);
    
        // @dev The version of the OAppReceiver implementation.
        // @dev Version is bumped when changes are made to this contract.
        uint64 internal constant RECEIVER_VERSION = 2;
    
        function __OAppReceiver_init() internal onlyInitializing {
            __OAppReceiver_init_unchained();
        }
    
        function __OAppReceiver_init_unchained() internal onlyInitializing {}
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol contract.
         * @return receiverVersion The version of the OAppReceiver.sol contract.
         *
         * @dev Providing 0 as the default for OAppSender version. Indicates that the OAppSender is not implemented.
         * ie. this is a RECEIVE only OApp.
         * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions.
         */
        function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
            return (0, RECEIVER_VERSION);
        }
    
        /**
         * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
         * @dev _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @dev _message The lzReceive payload.
         * @param _sender The sender address.
         * @return isSender Is a valid sender.
         *
         * @dev Applications can optionally choose to implement separate composeMsg senders that are NOT the bridging layer.
         * @dev The default sender IS the OAppReceiver implementer.
         */
        function isComposeMsgSender(
            Origin calldata /*_origin*/,
            bytes calldata /*_message*/,
            address _sender
        ) public view virtual returns (bool) {
            return _sender == address(this);
        }
    
        /**
         * @notice Checks if the path initialization is allowed based on the provided origin.
         * @param origin The origin information containing the source endpoint and sender address.
         * @return Whether the path has been initialized.
         *
         * @dev This indicates to the endpoint that the OApp has enabled msgs for this particular path to be received.
         * @dev This defaults to assuming if a peer has been set, its initialized.
         * Can be overridden by the OApp if there is other logic to determine this.
         */
        function allowInitializePath(Origin calldata origin) public view virtual returns (bool) {
            return peers(origin.srcEid) == origin.sender;
        }
    
        /**
         * @notice Retrieves the next nonce for a given source endpoint and sender address.
         * @dev _srcEid The source endpoint ID.
         * @dev _sender The sender address.
         * @return nonce The next nonce.
         *
         * @dev The path nonce starts from 1. If 0 is returned it means that there is NO nonce ordered enforcement.
         * @dev Is required by the off-chain executor to determine the OApp expects msg execution is ordered.
         * @dev This is also enforced by the OApp.
         * @dev By default this is NOT enabled. ie. nextNonce is hardcoded to return 0.
         */
        function nextNonce(uint32 /*_srcEid*/, bytes32 /*_sender*/) public view virtual returns (uint64 nonce) {
            return 0;
        }
    
        /**
         * @dev Entry point for receiving messages or packets from the endpoint.
         * @param _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The payload of the received message.
         * @param _executor The address of the executor for the received message.
         * @param _extraData Additional arbitrary data provided by the corresponding executor.
         *
         * @dev Entry point for receiving msg/packet from the LayerZero endpoint.
         */
        function lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) public payable virtual {
            // Ensures that only the endpoint can attempt to lzReceive() messages to this OApp.
            if (address(endpoint()) != msg.sender) revert OnlyEndpoint(msg.sender);
    
            // Ensure that the sender matches the expected peer for the source endpoint.
            if (_getPeerOrRevert(_origin.srcEid) != _origin.sender) revert OnlyPeer(_origin.srcEid, _origin.sender);
    
            // Call the internal OApp implementation of lzReceive.
            _lzReceive(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Internal function to implement lzReceive logic without needing to copy the basic parameter validation.
         */
        function _lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual;
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OAppCoreUpgradeable } from "./OAppCoreUpgradeable.sol";
    
    import { SafeERC20, IERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
    import { MessagingParams, MessagingFee, MessagingReceipt } from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
    
    /**
     * @title OAppSender
     * @dev Abstract contract implementing the OAppSender functionality for sending messages to a LayerZero endpoint.
     */
    abstract contract OAppSenderUpgradeable is OAppCoreUpgradeable {
        using SafeERC20 for IERC20;
    
        // Custom error messages
        error NotEnoughNative(uint256 msgValue);
        error LzTokenUnavailable();
    
        // @dev The version of the OAppSender implementation.
        // @dev Version is bumped when changes are made to this contract.
        uint64 internal constant SENDER_VERSION = 1;
    
        function __OAppSender_init() internal onlyInitializing {
            __OAppSender_init_unchained();
        }
    
        function __OAppSender_init_unchained() internal onlyInitializing {}
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol contract.
         * @return receiverVersion The version of the OAppReceiver.sol contract.
         *
         * @dev Providing 0 as the default for OAppReceiver version. Indicates that the OAppReceiver is not implemented.
         * ie. this is a SEND only OApp.
         * @dev If the OApp uses both OAppSender and OAppReceiver, then this needs to be override returning the correct versions
         */
        function oAppVersion() public view virtual returns (uint64 senderVersion, uint64 receiverVersion) {
            return (SENDER_VERSION, 0);
        }
    
        /**
         * @dev Internal function to interact with the LayerZero EndpointV2.quote() for fee calculation.
         * @param _dstEid The destination endpoint ID.
         * @param _message The message payload.
         * @param _options Additional options for the message.
         * @param _payInLzToken Flag indicating whether to pay the fee in LZ tokens.
         * @return fee The calculated MessagingFee for the message.
         *      - nativeFee: The native fee for the message.
         *      - lzTokenFee: The LZ token fee for the message.
         */
        function _quote(
            uint32 _dstEid,
            bytes memory _message,
            bytes memory _options,
            bool _payInLzToken
        ) internal view virtual returns (MessagingFee memory fee) {
            return
                endpoint().quote(
                    MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _payInLzToken),
                    address(this)
                );
        }
    
        /**
         * @dev Internal function to interact with the LayerZero EndpointV2.send() for sending a message.
         * @param _dstEid The destination endpoint ID.
         * @param _message The message payload.
         * @param _options Additional options for the message.
         * @param _fee The calculated LayerZero fee for the message.
         *      - nativeFee: The native fee.
         *      - lzTokenFee: The lzToken fee.
         * @param _refundAddress The address to receive any excess fee values sent to the endpoint.
         * @return receipt The receipt for the sent message.
         *      - guid: The unique identifier for the sent message.
         *      - nonce: The nonce of the sent message.
         *      - fee: The LayerZero fee incurred for the message.
         */
        function _lzSend(
            uint32 _dstEid,
            bytes memory _message,
            bytes memory _options,
            MessagingFee memory _fee,
            address _refundAddress
        ) internal virtual returns (MessagingReceipt memory receipt) {
            // @dev Push corresponding fees to the endpoint, any excess is sent back to the _refundAddress from the endpoint.
            uint256 messageValue = _payNative(_fee.nativeFee);
            if (_fee.lzTokenFee > 0) _payLzToken(_fee.lzTokenFee);
    
            return
                // solhint-disable-next-line check-send-result
                endpoint().send{ value: messageValue }(
                    MessagingParams(_dstEid, _getPeerOrRevert(_dstEid), _message, _options, _fee.lzTokenFee > 0),
                    _refundAddress
                );
        }
    
        /**
         * @dev Internal function to pay the native fee associated with the message.
         * @param _nativeFee The native fee to be paid.
         * @return nativeFee The amount of native currency paid.
         *
         * @dev If the OApp needs to initiate MULTIPLE LayerZero messages in a single transaction,
         * this will need to be overridden because msg.value would contain multiple lzFees.
         * @dev Should be overridden in the event the LayerZero endpoint requires a different native currency.
         * @dev Some EVMs use an ERC20 as a method for paying transactions/gasFees.
         * @dev The endpoint is EITHER/OR, ie. it will NOT support both types of native payment at a time.
         */
        function _payNative(uint256 _nativeFee) internal virtual returns (uint256 nativeFee) {
            if (msg.value != _nativeFee) revert NotEnoughNative(msg.value);
            return _nativeFee;
        }
    
        /**
         * @dev Internal function to pay the LZ token fee associated with the message.
         * @param _lzTokenFee The LZ token fee to be paid.
         *
         * @dev If the caller is trying to pay in the specified lzToken, then the lzTokenFee is passed to the endpoint.
         * @dev Any excess sent, is passed back to the specified _refundAddress in the _lzSend().
         */
        function _payLzToken(uint256 _lzTokenFee) internal virtual {
            // @dev Cannot cache the token because it is not immutable in the endpoint.
            address lzToken = endpoint().lzToken();
            if (lzToken == address(0)) revert LzTokenUnavailable();
    
            // Pay LZ token fee by sending tokens to the endpoint.
            IERC20(lzToken).safeTransferFrom(msg.sender, address(endpoint()), _lzTokenFee);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    // @dev Import the 'MessagingFee' and 'MessagingReceipt' so it's exposed to OApp implementers
    // solhint-disable-next-line no-unused-import
    import { OAppSenderUpgradeable, MessagingFee, MessagingReceipt } from "./OAppSenderUpgradeable.sol";
    // @dev Import the 'Origin' so it's exposed to OApp implementers
    // solhint-disable-next-line no-unused-import
    import { OAppReceiverUpgradeable, Origin } from "./OAppReceiverUpgradeable.sol";
    import { OAppCoreUpgradeable } from "./OAppCoreUpgradeable.sol";
    
    /**
     * @title OApp
     * @dev Abstract contract serving as the base for OApp implementation, combining OAppSender and OAppReceiver functionality.
     */
    abstract contract OAppUpgradeable is OAppSenderUpgradeable, OAppReceiverUpgradeable {
        /**
         * @dev Constructor to initialize the OApp
         */
        function __OApp_init() internal onlyInitializing {
            __OApp_init_unchained();
        }
    
        function __OApp_init_unchained() internal onlyInitializing {}
    
        /**
         * @notice Retrieves the OApp version information.
         * @return senderVersion The version of the OAppSender.sol implementation.
         * @return receiverVersion The version of the OAppReceiver.sol implementation.
         */
        function oAppVersion()
            public
            pure
            virtual
            override(OAppSenderUpgradeable, OAppReceiverUpgradeable)
            returns (uint64 senderVersion, uint64 receiverVersion)
        {
            return (SENDER_VERSION, RECEIVER_VERSION);
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.22;
    
    import { OAppUpgradeable, Origin } from "../oapp/OAppUpgradeable.sol";
    import { OAppOptionsType3Upgradeable } from "../oapp/libs/OAppOptionsType3Upgradeable.sol";
    import { OAppPreCrimeSimulatorUpgradeable } from "../precrime/OAppPreCrimeSimulatorUpgradeable.sol";
    
    import { IOAppMsgInspector } from "@layerzerolabs/oapp-evm/contracts/oapp/interfaces/IOAppMsgInspector.sol";
    import { IONFT721, MessagingFee, MessagingReceipt, SendParam } from "@layerzerolabs/onft-evm/contracts/onft721/interfaces/IONFT721.sol";
    import { ONFT721MsgCodec } from "@layerzerolabs/onft-evm/contracts/onft721/libs/ONFT721MsgCodec.sol";
    import { ONFTComposeMsgCodec } from "@layerzerolabs/onft-evm/contracts/libs/ONFTComposeMsgCodec.sol";
    
    /**
     * @title ONFT721Core
     * @dev Abstract contract for an ONFT721 token.
     */
    abstract contract ONFT721CoreUpgradeable is
        IONFT721,
        OAppUpgradeable,
        OAppPreCrimeSimulatorUpgradeable,
        OAppOptionsType3Upgradeable
    {
        using ONFT721MsgCodec for bytes;
        using ONFT721MsgCodec for bytes32;
    
        // @notice Msg types that are used to identify the various OFT operations.
        // @dev This can be extended in child contracts for non-default oft operations
        // @dev These values are used in things like combineOptions() in OAppOptionsType3.sol.
        uint16 public constant SEND = 1;
        uint16 public constant SEND_AND_COMPOSE = 2;
    
        event MsgInspectorSet(address inspector);
    
        /// @custom:storage-location erc7201:lightlink.storage.ONFT721Core
        struct ONFT721CoreStorage {
            // Address of an optional contract to inspect both 'message' and 'options'
            address msgInspector;
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.ONFT721Core")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant ONFT721CoreStorageLocation =
            0x778a8cf91502ae75b94022eed23c5123a0110b6bc7f306322728368dfc045300;
    
        function _getONFT721CoreStorage() private pure returns (ONFT721CoreStorage storage $) {
            assembly {
                $.slot := ONFT721CoreStorageLocation
            }
        }
    
        //     __ONFT721Core_init_unchained();
        //     __OAppCore_init(_lzEndpoint, _delegate);
        //     __Ownable_init(_delegate);
        function __ONFT721Core_init() internal onlyInitializing {
            __ONFT721Core_init_unchained();
        }
    
        function __ONFT721Core_init_unchained() internal onlyInitializing {}
    
        /**
         * @notice Retrieves interfaceID and the version of the ONFT.
         * @return interfaceId The interface ID (0x23e18da6).
         * @return version The version.
         * @dev version: Indicates a cross-chain compatible msg encoding with other ONFTs.
         * @dev If a new feature is added to the ONFT cross-chain msg encoding, the version will be incremented.
         * @dev ie. localONFT version(x,1) CAN send messages to remoteONFT version(x,1)
         */
        function onftVersion() external pure virtual returns (bytes4 interfaceId, uint64 version) {
            return (type(IONFT721).interfaceId, 1);
        }
    
        /**
         * @notice Sets the message inspector address for the OFT.
         * @param _msgInspector The address of the message inspector.
         * @dev This is an optional contract that can be used to inspect both 'message' and 'options'.
         * @dev Set it to address(0) to disable it, or set it to a contract address to enable it.
         */
        function setMsgInspector(address _msgInspector) public virtual onlyOwner {
            ONFT721CoreStorage storage $ = _getONFT721CoreStorage();
            $.msgInspector = _msgInspector;
            emit MsgInspectorSet(_msgInspector);
        }
    
        function quoteSend(
            SendParam calldata _sendParam,
            bool _payInLzToken
        ) external view virtual returns (MessagingFee memory msgFee) {
            (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam);
            return _quote(_sendParam.dstEid, message, options, _payInLzToken);
        }
    
        function send(
            SendParam calldata _sendParam,
            MessagingFee calldata _fee,
            address _refundAddress
        ) external payable virtual returns (MessagingReceipt memory msgReceipt) {
            _debit(msg.sender, _sendParam.tokenId, _sendParam.dstEid);
    
            (bytes memory message, bytes memory options) = _buildMsgAndOptions(_sendParam);
    
            // @dev Sends the message to the LayerZero Endpoint, returning the MessagingReceipt.
            msgReceipt = _lzSend(_sendParam.dstEid, message, options, _fee, _refundAddress);
            emit ONFTSent(msgReceipt.guid, _sendParam.dstEid, msg.sender, _sendParam.tokenId);
        }
    
        /**
         * @dev Internal function to build the message and options.
         * @param _sendParam The parameters for the send() operation.
         * @return message The encoded message.
         * @return options The encoded options.
         */
        function _buildMsgAndOptions(
            SendParam calldata _sendParam
        ) internal view virtual returns (bytes memory message, bytes memory options) {
            if (_sendParam.to == bytes32(0)) revert InvalidReceiver();
            bool hasCompose;
            (message, hasCompose) = ONFT721MsgCodec.encode(_sendParam.to, _sendParam.tokenId, _sendParam.composeMsg);
            uint16 msgType = hasCompose ? SEND_AND_COMPOSE : SEND;
    
            options = combineOptions(_sendParam.dstEid, msgType, _sendParam.extraOptions);
    
            // @dev Optionally inspect the message and options depending if the OApp owner has set a msg inspector.
            // @dev If it fails inspection, needs to revert in the implementation. ie. does not rely on return boolean
            address inspector = msgInspector(); // caches the msgInspector to avoid potential double storage read
            if (inspector != address(0)) IOAppMsgInspector(inspector).inspect(message, options);
        }
    
        /**
         * @dev Internal function to handle the receive on the LayerZero endpoint.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The encoded message.
         * @dev _executor The address of the executor.
         * @dev _extraData Additional data.
         */
        function _lzReceive(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address /*_executor*/, // @dev unused in the default implementation.
            bytes calldata /*_extraData*/ // @dev unused in the default implementation.
        ) internal virtual override {
            address toAddress = _message.sendTo().bytes32ToAddress();
            uint256 tokenId = _message.tokenId();
    
            _credit(toAddress, tokenId, _origin.srcEid);
    
            if (_message.isComposed()) {
                bytes memory composeMsg = ONFTComposeMsgCodec.encode(_origin.nonce, _origin.srcEid, _message.composeMsg());
                // @dev As batching is not implemented, the compose index is always 0.
                // @dev If batching is added, the index will need to be tracked.
                endpoint().sendCompose(toAddress, _guid, 0 /* the index of composed message*/, composeMsg);
            }
    
            emit ONFTReceived(_guid, _origin.srcEid, toAddress, tokenId);
        }
    
        /*
         * @dev Internal function to handle the OAppPreCrimeSimulator simulated receive.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The unique identifier for the received LayerZero message.
         * @param _message The LayerZero message.
         * @param _executor The address of the off-chain executor.
         * @param _extraData Arbitrary data passed by the msg executor.
         * @dev Enables the preCrime simulator to mock sending lzReceive() messages,
         * routes the msg down from the OAppPreCrimeSimulator, and back up to the OAppReceiver.
         */
        function _lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual override {
            _lzReceive(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Check if the peer is considered 'trusted' by the OApp.
         * @param _eid The endpoint ID to check.
         * @param _peer The peer to check.
         * @return Whether the peer passed is considered 'trusted' by the OApp.
         * @dev Enables OAppPreCrimeSimulator to check whether a potential Inbound Packet is from a trusted source.
         */
        function isPeer(uint32 _eid, bytes32 _peer) public view virtual override returns (bool) {
            return peers(_eid) == _peer;
        }
    
        function _debit(address /*_from*/, uint256 /*_tokenId*/, uint32 /*_dstEid*/) internal virtual;
    
        function _credit(address /*_to*/, uint256 /*_tokenId*/, uint32 /*_srcEid*/) internal virtual;
    
        function msgInspector() public view virtual returns (address) {
            ONFT721CoreStorage storage $ = _getONFT721CoreStorage();
            return $.msgInspector;
        }
    }

    // SPDX-License-Identifier: MIT
    
    pragma solidity ^0.8.20;
    
    import { OwnableUpgradeable } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
    import { IPreCrime } from "@layerzerolabs/oapp-evm/contracts/precrime/interfaces/IPreCrime.sol";
    import { IOAppPreCrimeSimulator, InboundPacket, Origin } from "@layerzerolabs/oapp-evm/contracts/precrime/interfaces/IOAppPreCrimeSimulator.sol";
    
    /**
     * @title OAppPreCrimeSimulator
     * @dev Abstract contract serving as the base for preCrime simulation functionality in an OApp.
     */
    abstract contract OAppPreCrimeSimulatorUpgradeable is IOAppPreCrimeSimulator, OwnableUpgradeable {
        /// @custom:storage-location erc7201:lightlink.storage.OAppPreCrimeSimulator
        struct OAppPreCrimeSimulatorStorage {
            // The address of the preCrime implementation.
            address preCrime;
        }
    
        // keccak256(abi.encode(uint256(keccak256("lightlink.storage.OAppPreCrimeSimulator")) - 1)) & ~bytes32(uint256(0xff))
        bytes32 private constant OAppPreCrimeSimulatorStorageLocation =
            0xffaa739070409745428206c1f4d82d76b9ba3580bc484f9ae9a0990dc25f4a00;
    
        function _getOAppPreCrimeSimulatorStorage() private pure returns (OAppPreCrimeSimulatorStorage storage $) {
            assembly {
                $.slot := OAppPreCrimeSimulatorStorageLocation
            }
        }
    
        function __OAppPreCrimeSimulator_init() internal onlyInitializing {
            __OAppPreCrimeSimulator_init_unchained();
        }
    
        function __OAppPreCrimeSimulator_init_unchained() internal onlyInitializing {}
    
        /**
         * @dev Retrieves the address of the OApp contract.
         * @return The address of the OApp contract.
         *
         * @dev The simulator contract is the base contract for the OApp by default.
         * @dev If the simulator is a separate contract, override this function.
         */
        function oApp() external view virtual returns (address) {
            return address(this);
        }
    
        /**
         * @dev Sets the preCrime contract address.
         * @param _preCrime The address of the preCrime contract.
         */
        function setPreCrime(address _preCrime) public virtual onlyOwner {
            OAppPreCrimeSimulatorStorage storage $ = _getOAppPreCrimeSimulatorStorage();
            $.preCrime = _preCrime;
            emit PreCrimeSet(_preCrime);
        }
    
        /**
         * @dev Interface for pre-crime simulations. Always reverts at the end with the simulation results.
         * @param _packets An array of InboundPacket objects representing received packets to be delivered.
         *
         * @dev WARNING: MUST revert at the end with the simulation results.
         * @dev Gives the preCrime implementation the ability to mock sending packets to the lzReceive function,
         * WITHOUT actually executing them.
         */
        function lzReceiveAndRevert(InboundPacket[] calldata _packets) public payable virtual {
            for (uint256 i = 0; i < _packets.length; i++) {
                InboundPacket calldata packet = _packets[i];
    
                // Ignore packets that are not from trusted peers.
                if (!isPeer(packet.origin.srcEid, packet.origin.sender)) continue;
    
                // @dev Because a verifier is calling this function, it doesnt have access to executor params:
                //  - address _executor
                //  - bytes calldata _extraData
                // preCrime will NOT work for OApps that rely on these two parameters inside of their _lzReceive().
                // They are instead stubbed to default values, address(0) and bytes("")
                // @dev Calling this.lzReceiveSimulate removes ability for assembly return 0 callstack exit,
                // which would cause the revert to be ignored.
                this.lzReceiveSimulate{ value: packet.value }(
                    packet.origin,
                    packet.guid,
                    packet.message,
                    packet.executor,
                    packet.extraData
                );
            }
    
            // @dev Revert with the simulation results. msg.sender must implement IPreCrime.buildSimulationResult().
            revert SimulationResult(IPreCrime(msg.sender).buildSimulationResult());
        }
    
        /**
         * @dev Is effectively an internal function because msg.sender must be address(this).
         * Allows resetting the call stack for 'internal' calls.
         * @param _origin The origin information containing the source endpoint and sender address.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address on the src chain.
         *  - nonce: The nonce of the message.
         * @param _guid The unique identifier of the packet.
         * @param _message The message payload of the packet.
         * @param _executor The executor address for the packet.
         * @param _extraData Additional data for the packet.
         */
        function lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) external payable virtual {
            // @dev Ensure ONLY can be called 'internally'.
            if (msg.sender != address(this)) revert OnlySelf();
            _lzReceiveSimulate(_origin, _guid, _message, _executor, _extraData);
        }
    
        /**
         * @dev Internal function to handle the OAppPreCrimeSimulator simulated receive.
         * @param _origin The origin information.
         *  - srcEid: The source chain endpoint ID.
         *  - sender: The sender address from the src chain.
         *  - nonce: The nonce of the LayerZero message.
         * @param _guid The GUID of the LayerZero message.
         * @param _message The LayerZero message.
         * @param _executor The address of the off-chain executor.
         * @param _extraData Arbitrary data passed by the msg executor.
         *
         * @dev Enables the preCrime simulator to mock sending lzReceive() messages,
         * routes the msg down from the OAppPreCrimeSimulator, and back up to the OAppReceiver.
         */
        function _lzReceiveSimulate(
            Origin calldata _origin,
            bytes32 _guid,
            bytes calldata _message,
            address _executor,
            bytes calldata _extraData
        ) internal virtual;
    
        /**
         * @dev checks if the specified peer is considered 'trusted' by the OApp.
         * @param _eid The endpoint Id to check.
         * @param _peer The peer to check.
         * @return Whether the peer passed is considered 'trusted' by the OApp.
         */
        function isPeer(uint32 _eid, bytes32 _peer) public view virtual returns (bool);
    
        function preCrime() public view virtual returns (address) {
            OAppPreCrimeSimulatorStorage storage $ = _getOAppPreCrimeSimulatorStorage();
            return $.preCrime;
        }
    }

    // SPDX-License-Identifier: MIT
    pragma solidity ^0.8.22;
    
    // import proxy instance
    import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
    
    // LightLink 2024
    // proxy instance
    contract CustomProxy is ERC1967Proxy {
      constructor(address _logic, bytes memory _data) ERC1967Proxy(_logic, _data) {}
    }

    Please enter a contract address above to load the contract details and source code.

    Context size (optional):