// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Address.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
  /**
   * @dev The ETH balance of the account is not enough to perform the operation.
   */
  error AddressInsufficientBalance(address account);

  /**
   * @dev There's no code at `target` (it is not a contract).
   */
  error AddressEmptyCode(address target);

  /**
   * @dev A call to an address target failed. The target may have reverted.
   */
  error FailedInnerCall();

  /**
   * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
   * `recipient`, forwarding all available gas and reverting on errors.
   *
   * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
   * of certain opcodes, possibly making contracts go over the 2300 gas limit
   * imposed by `transfer`, making them unable to receive funds via
   * `transfer`. {sendValue} removes this limitation.
   *
   * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
   *
   * IMPORTANT: because control is transferred to `recipient`, care must be
   * taken to not create reentrancy vulnerabilities. Consider using
   * {ReentrancyGuard} or the
   * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions
   * pattern].
   */
  function sendValue(address payable recipient, uint256 amount) internal {
    if (address(this).balance < amount) {
      revert AddressInsufficientBalance(address(this));
    }

    (bool success,) = recipient.call{ value: amount }("");
    if (!success) {
      revert FailedInnerCall();
    }
  }

  /**
   * @dev Performs a Solidity function call using a low level `call`. A
   * plain `call` is an unsafe replacement for a function call: use this
   * function instead.
   *
   * If `target` reverts with a revert reason or custom error, it is bubbled
   * up by this function (like regular Solidity function calls). However, if
   * the call reverted with no returned reason, this function reverts with a
   * {FailedInnerCall} error.
   *
   * Returns the raw returned data. To convert to the expected return value,
   * use
   * https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
   *
   * Requirements:
   *
   * - `target` must be a contract.
   * - calling `target` with `data` must not revert.
   */
  function functionCall(address target, bytes memory data) internal returns (bytes memory) {
    return functionCallWithValue(target, data, 0);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but also transferring `value` wei to `target`.
   *
   * Requirements:
   *
   * - the calling contract must have an ETH balance of at least `value`.
   * - the called Solidity function must be `payable`.
   */
  function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
    if (address(this).balance < value) {
      revert AddressInsufficientBalance(address(this));
    }
    (bool success, bytes memory returndata) = target.call{ value: value }(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a static call.
   */
  function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
    (bool success, bytes memory returndata) = target.staticcall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a delegate call.
   */
  function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
    (bool success, bytes memory returndata) = target.delegatecall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
   * was not a contract or bubbling up the revert reason (falling back to {FailedInnerCall}) in case of an
   * unsuccessful call.
   */
  function verifyCallResultFromTarget(address target, bool success, bytes memory returndata)
    internal
    view
    returns (bytes memory)
  {
    if (!success) {
      _revert(returndata);
    } else {
      // only check if target is a contract if the call was successful and the return data is empty
      // otherwise we already know that it was a contract
      if (returndata.length == 0 && target.code.length == 0) {
        revert AddressEmptyCode(target);
      }
      return returndata;
    }
  }

  /**
   * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
   * revert reason or with a default {FailedInnerCall} error.
   */
  function verifyCallResult(bool success, bytes memory returndata) internal pure returns (bytes memory) {
    if (!success) {
      _revert(returndata);
    } else {
      return returndata;
    }
  }

  /**
   * @dev Reverts with returndata if present. Otherwise reverts with {FailedInnerCall}.
   */
  function _revert(bytes memory returndata) private pure {
    // Look for revert reason and bubble it up if present
    if (returndata.length > 0) {
      // The easiest way to bubble the revert reason is using memory via assembly
      /// @solidity memory-safe-assembly
      assembly {
        let returndata_size := mload(returndata)
        revert(add(32, returndata), returndata_size)
      }
    } else {
      revert FailedInnerCall();
    }
  }
}

// SPDX-License-Identifier: MIT

// modified from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/structs/BitMaps.sol
pragma solidity ^0.8.20;

type BitMap256 is uint256;

using BitMaps for BitMap256 global;

library BitMaps {
  /**
   * @dev Returns whether the bit at `index` is set.
   */
  function get(BitMap256 bitmap, uint8 index) internal pure returns (bool) {
    uint256 mask = 1 << index;
    return BitMap256.unwrap(bitmap) & mask != 0;
  }

  /**
   * @dev Sets the bit at `index`.
   */
  function set(BitMap256 bitmap, uint8 index) internal pure returns (BitMap256) {
    uint256 mask = 1 << index;
    return BitMap256.wrap(BitMap256.unwrap(bitmap) | mask);
  }
}

// SPDX-License-Identifier: Unlicense
/*
 * @title Solidity Bytes Arrays Utils
 * @author Gonçalo Sá <goncalo.sa@consensys.net>
 *
 * @dev Bytes tightly packed arrays utility library for ethereum contracts written in Solidity.
 *      The library lets you concatenate, slice and type cast bytes arrays both in memory and storage.
 */
pragma solidity >=0.8.0 <0.9.0;

library BytesLib {
  function concat(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bytes memory) {
    bytes memory tempBytes;

    assembly {
      // Get a location of some free memory and store it in tempBytes as
      // Solidity does for memory variables.
      tempBytes := mload(0x40)

      // Store the length of the first bytes array at the beginning of
      // the memory for tempBytes.
      let length := mload(_preBytes)
      mstore(tempBytes, length)

      // Maintain a memory counter for the current write location in the
      // temp bytes array by adding the 32 bytes for the array length to
      // the starting location.
      let mc := add(tempBytes, 0x20)
      // Stop copying when the memory counter reaches the length of the
      // first bytes array.
      let end := add(mc, length)

      for {
        // Initialize a copy counter to the start of the _preBytes data,
        // 32 bytes into its memory.
        let cc := add(_preBytes, 0x20)
      } lt(mc, end) {
        // Increase both counters by 32 bytes each iteration.
        mc := add(mc, 0x20)
        cc := add(cc, 0x20)
      } {
        // Write the _preBytes data into the tempBytes memory 32 bytes
        // at a time.
        mstore(mc, mload(cc))
      }

      // Add the length of _postBytes to the current length of tempBytes
      // and store it as the new length in the first 32 bytes of the
      // tempBytes memory.
      length := mload(_postBytes)
      mstore(tempBytes, add(length, mload(tempBytes)))

      // Move the memory counter back from a multiple of 0x20 to the
      // actual end of the _preBytes data.
      mc := end
      // Stop copying when the memory counter reaches the new combined
      // length of the arrays.
      end := add(mc, length)

      for { let cc := add(_postBytes, 0x20) } lt(mc, end) {
        mc := add(mc, 0x20)
        cc := add(cc, 0x20)
      } { mstore(mc, mload(cc)) }

      // Update the free-memory pointer by padding our last write location
      // to 32 bytes: add 31 bytes to the end of tempBytes to move to the
      // next 32 byte block, then round down to the nearest multiple of
      // 32. If the sum of the length of the two arrays is zero then add
      // one before rounding down to leave a blank 32 bytes (the length block with 0).
      mstore(
        0x40,
        and(
          add(add(end, iszero(add(length, mload(_preBytes)))), 31),
          not(31) // Round down to the nearest 32 bytes.
        )
      )
    }

    return tempBytes;
  }

  function concatStorage(bytes storage _preBytes, bytes memory _postBytes) internal {
    assembly {
      // Read the first 32 bytes of _preBytes storage, which is the length
      // of the array. (We don't need to use the offset into the slot
      // because arrays use the entire slot.)
      let fslot := sload(_preBytes.slot)
      // Arrays of 31 bytes or less have an even value in their slot,
      // while longer arrays have an odd value. The actual length is
      // the slot divided by two for odd values, and the lowest order
      // byte divided by two for even values.
      // If the slot is even, bitwise and the slot with 255 and divide by
      // two to get the length. If the slot is odd, bitwise and the slot
      // with -1 and divide by two.
      let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
      let mlength := mload(_postBytes)
      let newlength := add(slength, mlength)
      // slength can contain both the length and contents of the array
      // if length < 32 bytes so let's prepare for that
      // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage
      switch add(lt(slength, 32), lt(newlength, 32))
      case 2 {
        // Since the new array still fits in the slot, we just need to
        // update the contents of the slot.
        // uint256(bytes_storage) = uint256(bytes_storage) + uint256(bytes_memory) + new_length
        sstore(
          _preBytes.slot,
          // all the modifications to the slot are inside this
          // next block
          add(
            // we can just add to the slot contents because the
            // bytes we want to change are the LSBs
            fslot,
            add(
              mul(
                div(
                  // load the bytes from memory
                  mload(add(_postBytes, 0x20)),
                  // zero all bytes to the right
                  exp(0x100, sub(32, mlength))
                ),
                // and now shift left the number of bytes to
                // leave space for the length in the slot
                exp(0x100, sub(32, newlength))
              ),
              // increase length by the double of the memory
              // bytes length
              mul(mlength, 2)
            )
          )
        )
      }
      case 1 {
        // The stored value fits in the slot, but the combined value
        // will exceed it.
        // get the keccak hash to get the contents of the array
        mstore(0x0, _preBytes.slot)
        let sc := add(keccak256(0x0, 0x20), div(slength, 32))

        // save new length
        sstore(_preBytes.slot, add(mul(newlength, 2), 1))

        // The contents of the _postBytes array start 32 bytes into
        // the structure. Our first read should obtain the `submod`
        // bytes that can fit into the unused space in the last word
        // of the stored array. To get this, we read 32 bytes starting
        // from `submod`, so the data we read overlaps with the array
        // contents by `submod` bytes. Masking the lowest-order
        // `submod` bytes allows us to add that value directly to the
        // stored value.

        let submod := sub(32, slength)
        let mc := add(_postBytes, submod)
        let end := add(_postBytes, mlength)
        let mask := sub(exp(0x100, submod), 1)

        sstore(
          sc, add(and(fslot, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00), and(mload(mc), mask))
        )

        for {
          mc := add(mc, 0x20)
          sc := add(sc, 1)
        } lt(mc, end) {
          sc := add(sc, 1)
          mc := add(mc, 0x20)
        } { sstore(sc, mload(mc)) }

        mask := exp(0x100, sub(mc, end))

        sstore(sc, mul(div(mload(mc), mask), mask))
      }
      default {
        // get the keccak hash to get the contents of the array
        mstore(0x0, _preBytes.slot)
        // Start copying to the last used word of the stored array.
        let sc := add(keccak256(0x0, 0x20), div(slength, 32))

        // save new length
        sstore(_preBytes.slot, add(mul(newlength, 2), 1))

        // Copy over the first `submod` bytes of the new data as in
        // case 1 above.
        let slengthmod := mod(slength, 32)
        let mlengthmod := mod(mlength, 32)
        let submod := sub(32, slengthmod)
        let mc := add(_postBytes, submod)
        let end := add(_postBytes, mlength)
        let mask := sub(exp(0x100, submod), 1)

        sstore(sc, add(sload(sc), and(mload(mc), mask)))

        for {
          sc := add(sc, 1)
          mc := add(mc, 0x20)
        } lt(mc, end) {
          sc := add(sc, 1)
          mc := add(mc, 0x20)
        } { sstore(sc, mload(mc)) }

        mask := exp(0x100, sub(mc, end))

        sstore(sc, mul(div(mload(mc), mask), mask))
      }
    }
  }

  function slice(bytes memory _bytes, uint256 _start, uint256 _length) internal pure returns (bytes memory) {
    require(_length + 31 >= _length, "slice_overflow");
    require(_bytes.length >= _start + _length, "slice_outOfBounds");

    bytes memory tempBytes;

    assembly {
      switch iszero(_length)
      case 0 {
        // Get a location of some free memory and store it in tempBytes as
        // Solidity does for memory variables.
        tempBytes := mload(0x40)

        // The first word of the slice result is potentially a partial
        // word read from the original array. To read it, we calculate
        // the length of that partial word and start copying that many
        // bytes into the array. The first word we copy will start with
        // data we don't care about, but the last `lengthmod` bytes will
        // land at the beginning of the contents of the new array. When
        // we're done copying, we overwrite the full first word with
        // the actual length of the slice.
        let lengthmod := and(_length, 31)

        // The multiplication in the next line is necessary
        // because when slicing multiples of 32 bytes (lengthmod == 0)
        // the following copy loop was copying the origin's length
        // and then ending prematurely not copying everything it should.
        let mc := add(add(tempBytes, lengthmod), mul(0x20, iszero(lengthmod)))
        let end := add(mc, _length)

        for {
          // The multiplication in the next line has the same exact purpose
          // as the one above.
          let cc := add(add(add(_bytes, lengthmod), mul(0x20, iszero(lengthmod))), _start)
        } lt(mc, end) {
          mc := add(mc, 0x20)
          cc := add(cc, 0x20)
        } { mstore(mc, mload(cc)) }

        mstore(tempBytes, _length)

        //update free-memory pointer
        //allocating the array padded to 32 bytes like the compiler does now
        mstore(0x40, and(add(mc, 31), not(31)))
      }
      //if we want a zero-length slice let's just return a zero-length array
      default {
        tempBytes := mload(0x40)
        //zero out the 32 bytes slice we are about to return
        //we need to do it because Solidity does not garbage collect
        mstore(tempBytes, 0)

        mstore(0x40, add(tempBytes, 0x20))
      }
    }

    return tempBytes;
  }

  function toAddress(bytes memory _bytes, uint256 _start) internal pure returns (address) {
    require(_bytes.length >= _start + 20, "toAddress_outOfBounds");
    address tempAddress;

    assembly {
      tempAddress := div(mload(add(add(_bytes, 0x20), _start)), 0x1000000000000000000000000)
    }

    return tempAddress;
  }

  function toUint8(bytes memory _bytes, uint256 _start) internal pure returns (uint8) {
    require(_bytes.length >= _start + 1, "toUint8_outOfBounds");
    uint8 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x1), _start))
    }

    return tempUint;
  }

  function toUint16(bytes memory _bytes, uint256 _start) internal pure returns (uint16) {
    require(_bytes.length >= _start + 2, "toUint16_outOfBounds");
    uint16 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x2), _start))
    }

    return tempUint;
  }

  function toUint32(bytes memory _bytes, uint256 _start) internal pure returns (uint32) {
    require(_bytes.length >= _start + 4, "toUint32_outOfBounds");
    uint32 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x4), _start))
    }

    return tempUint;
  }

  function toUint64(bytes memory _bytes, uint256 _start) internal pure returns (uint64) {
    require(_bytes.length >= _start + 8, "toUint64_outOfBounds");
    uint64 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x8), _start))
    }

    return tempUint;
  }

  function toUint96(bytes memory _bytes, uint256 _start) internal pure returns (uint96) {
    require(_bytes.length >= _start + 12, "toUint96_outOfBounds");
    uint96 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0xc), _start))
    }

    return tempUint;
  }

  function toUint128(bytes memory _bytes, uint256 _start) internal pure returns (uint128) {
    require(_bytes.length >= _start + 16, "toUint128_outOfBounds");
    uint128 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x10), _start))
    }

    return tempUint;
  }

  function toUint256(bytes memory _bytes, uint256 _start) internal pure returns (uint256) {
    require(_bytes.length >= _start + 32, "toUint256_outOfBounds");
    uint256 tempUint;

    assembly {
      tempUint := mload(add(add(_bytes, 0x20), _start))
    }

    return tempUint;
  }

  function toBytes32(bytes memory _bytes, uint256 _start) internal pure returns (bytes32) {
    require(_bytes.length >= _start + 32, "toBytes32_outOfBounds");
    bytes32 tempBytes32;

    assembly {
      tempBytes32 := mload(add(add(_bytes, 0x20), _start))
    }

    return tempBytes32;
  }

  function equal(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bool) {
    bool success = true;

    assembly {
      let length := mload(_preBytes)

      // if lengths don't match the arrays are not equal
      switch eq(length, mload(_postBytes))
      case 1 {
        // cb is a circuit breaker in the for loop since there's
        //  no said feature for inline assembly loops
        // cb = 1 - don't breaker
        // cb = 0 - break
        let cb := 1

        let mc := add(_preBytes, 0x20)
        let end := add(mc, length)

        for { let cc := add(_postBytes, 0x20) }
        // the next line is the loop condition:
        // while(uint256(mc < end) + cb == 2)
        eq(add(lt(mc, end), cb), 2) {
          mc := add(mc, 0x20)
          cc := add(cc, 0x20)
        } {
          // if any of these checks fails then arrays are not equal
          if iszero(eq(mload(mc), mload(cc))) {
            // unsuccess:
            success := 0
            cb := 0
          }
        }
      }
      default {
        // unsuccess:
        success := 0
      }
    }

    return success;
  }

  function equal_nonAligned(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bool) {
    bool success = true;

    assembly {
      let length := mload(_preBytes)

      // if lengths don't match the arrays are not equal
      switch eq(length, mload(_postBytes))
      case 1 {
        // cb is a circuit breaker in the for loop since there's
        //  no said feature for inline assembly loops
        // cb = 1 - don't breaker
        // cb = 0 - break
        let cb := 1

        let endMinusWord := add(_preBytes, length)
        let mc := add(_preBytes, 0x20)
        let cc := add(_postBytes, 0x20)

        for {
          // the next line is the loop condition:
          // while(uint256(mc < endWord) + cb == 2)
        } eq(add(lt(mc, endMinusWord), cb), 2) {
          mc := add(mc, 0x20)
          cc := add(cc, 0x20)
        } {
          // if any of these checks fails then arrays are not equal
          if iszero(eq(mload(mc), mload(cc))) {
            // unsuccess:
            success := 0
            cb := 0
          }
        }

        // Only if still successful
        // For <1 word tail bytes
        if gt(success, 0) {
          // Get the remainder of length/32
          // length % 32 = AND(length, 32 - 1)
          let numTailBytes := and(length, 0x1f)
          let mcRem := mload(mc)
          let ccRem := mload(cc)
          for { let i := 0 }
          // the next line is the loop condition:
          // while(uint256(i < numTailBytes) + cb == 2)
          eq(add(lt(i, numTailBytes), cb), 2) { i := add(i, 1) } {
            if iszero(eq(byte(i, mcRem), byte(i, ccRem))) {
              // unsuccess:
              success := 0
              cb := 0
            }
          }
        }
      }
      default {
        // unsuccess:
        success := 0
      }
    }

    return success;
  }

  function equalStorage(bytes storage _preBytes, bytes memory _postBytes) internal view returns (bool) {
    bool success = true;

    assembly {
      // we know _preBytes_offset is 0
      let fslot := sload(_preBytes.slot)
      // Decode the length of the stored array like in concatStorage().
      let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
      let mlength := mload(_postBytes)

      // if lengths don't match the arrays are not equal
      switch eq(slength, mlength)
      case 1 {
        // slength can contain both the length and contents of the array
        // if length < 32 bytes so let's prepare for that
        // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage
        if iszero(iszero(slength)) {
          switch lt(slength, 32)
          case 1 {
            // blank the last byte which is the length
            fslot := mul(div(fslot, 0x100), 0x100)

            if iszero(eq(fslot, mload(add(_postBytes, 0x20)))) {
              // unsuccess:
              success := 0
            }
          }
          default {
            // cb is a circuit breaker in the for loop since there's
            //  no said feature for inline assembly loops
            // cb = 1 - don't breaker
            // cb = 0 - break
            let cb := 1

            // get the keccak hash to get the contents of the array
            mstore(0x0, _preBytes.slot)
            let sc := keccak256(0x0, 0x20)

            let mc := add(_postBytes, 0x20)
            let end := add(mc, mlength)

            // the next line is the loop condition:
            // while(uint256(mc < end) + cb == 2)
            for { } eq(add(lt(mc, end), cb), 2) {
              sc := add(sc, 1)
              mc := add(mc, 0x20)
            } {
              if iszero(eq(sload(sc), mload(mc))) {
                // unsuccess:
                success := 0
                cb := 0
              }
            }
          }
        }
      }
      default {
        // unsuccess:
        success := 0
      }
    }

    return success;
  }
}

// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.20;

library CalldataBytesLib {
  function toU8(bytes calldata _bytes, uint256 _start) internal pure returns (uint8) {
    return uint8(_bytes[_start]);
  }

  function toU16(bytes calldata _bytes, uint256 _start) internal pure returns (uint16) {
    unchecked {
      uint256 end = _start + 2;
      return uint16(bytes2(_bytes[_start:end]));
    }
  }

  function toU32(bytes calldata _bytes, uint256 _start) internal pure returns (uint32) {
    unchecked {
      uint256 end = _start + 4;
      return uint32(bytes4(_bytes[_start:end]));
    }
  }

  function toU64(bytes calldata _bytes, uint256 _start) internal pure returns (uint64) {
    unchecked {
      uint256 end = _start + 8;
      return uint64(bytes8(_bytes[_start:end]));
    }
  }

  function toU128(bytes calldata _bytes, uint256 _start) internal pure returns (uint128) {
    unchecked {
      uint256 end = _start + 16;
      return uint128(bytes16(_bytes[_start:end]));
    }
  }

  function toU256(bytes calldata _bytes, uint256 _start) internal pure returns (uint256) {
    unchecked {
      uint256 end = _start + 32;
      return uint256(bytes32(_bytes[_start:end]));
    }
  }

  function toAddr(bytes calldata _bytes, uint256 _start) internal pure returns (address) {
    unchecked {
      uint256 end = _start + 20;
      return address(bytes20(_bytes[_start:end]));
    }
  }

  function toB32(bytes calldata _bytes, uint256 _start) internal pure returns (bytes32) {
    unchecked {
      uint256 end = _start + 32;
      return bytes32(_bytes[_start:end]);
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import "./Errors.sol" as CastingErrors;
import { MAX_UINT128, MAX_UINT40 } from "../Common.sol";
import { uMAX_SD1x18, uMIN_SD1x18 } from "../sd1x18/Constants.sol";
import { SD1x18 } from "../sd1x18/ValueType.sol";
import { uMAX_SD21x18, uMIN_SD21x18 } from "../sd21x18/Constants.sol";
import { SD21x18 } from "../sd21x18/ValueType.sol";
import { uMAX_UD2x18 } from "../ud2x18/Constants.sol";
import { UD2x18 } from "../ud2x18/ValueType.sol";
import { uMAX_UD21x18 } from "../ud21x18/Constants.sol";
import { UD21x18 } from "../ud21x18/ValueType.sol";
import { UD60x18 } from "../ud60x18/ValueType.sol";
import { SD59x18 } from "./ValueType.sol";

/// @notice Casts an SD59x18 number into int256.
/// @dev This is basically a functional alias for {unwrap}.
function intoInt256(SD59x18 x) pure returns (int256 result) {
  result = SD59x18.unwrap(x);
}

/// @notice Casts an SD59x18 number into SD1x18.
/// @dev Requirements:
/// - x ≥ uMIN_SD1x18
/// - x ≤ uMAX_SD1x18
function intoSD1x18(SD59x18 x) pure returns (SD1x18 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < uMIN_SD1x18) {
    revert CastingErrors.PRBMath_SD59x18_IntoSD1x18_Underflow(x);
  }
  if (xInt > uMAX_SD1x18) {
    revert CastingErrors.PRBMath_SD59x18_IntoSD1x18_Overflow(x);
  }
  result = SD1x18.wrap(int64(xInt));
}

/// @notice Casts an SD59x18 number into SD21x18.
/// @dev Requirements:
/// - x ≥ uMIN_SD21x18
/// - x ≤ uMAX_SD21x18
function intoSD21x18(SD59x18 x) pure returns (SD21x18 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < uMIN_SD21x18) {
    revert CastingErrors.PRBMath_SD59x18_IntoSD21x18_Underflow(x);
  }
  if (xInt > uMAX_SD21x18) {
    revert CastingErrors.PRBMath_SD59x18_IntoSD21x18_Overflow(x);
  }
  result = SD21x18.wrap(int128(xInt));
}

/// @notice Casts an SD59x18 number into UD2x18.
/// @dev Requirements:
/// - x ≥ 0
/// - x ≤ uMAX_UD2x18
function intoUD2x18(SD59x18 x) pure returns (UD2x18 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUD2x18_Underflow(x);
  }
  if (xInt > int256(uint256(uMAX_UD2x18))) {
    revert CastingErrors.PRBMath_SD59x18_IntoUD2x18_Overflow(x);
  }
  result = UD2x18.wrap(uint64(uint256(xInt)));
}

/// @notice Casts an SD59x18 number into UD21x18.
/// @dev Requirements:
/// - x ≥ 0
/// - x ≤ uMAX_UD21x18
function intoUD21x18(SD59x18 x) pure returns (UD21x18 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUD21x18_Underflow(x);
  }
  if (xInt > int256(uint256(uMAX_UD21x18))) {
    revert CastingErrors.PRBMath_SD59x18_IntoUD21x18_Overflow(x);
  }
  result = UD21x18.wrap(uint128(uint256(xInt)));
}

/// @notice Casts an SD59x18 number into UD60x18.
/// @dev Requirements:
/// - x ≥ 0
function intoUD60x18(SD59x18 x) pure returns (UD60x18 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUD60x18_Underflow(x);
  }
  result = UD60x18.wrap(uint256(xInt));
}

/// @notice Casts an SD59x18 number into uint256.
/// @dev Requirements:
/// - x ≥ 0
function intoUint256(SD59x18 x) pure returns (uint256 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUint256_Underflow(x);
  }
  result = uint256(xInt);
}

/// @notice Casts an SD59x18 number into uint128.
/// @dev Requirements:
/// - x ≥ 0
/// - x ≤ uMAX_UINT128
function intoUint128(SD59x18 x) pure returns (uint128 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUint128_Underflow(x);
  }
  if (xInt > int256(uint256(MAX_UINT128))) {
    revert CastingErrors.PRBMath_SD59x18_IntoUint128_Overflow(x);
  }
  result = uint128(uint256(xInt));
}

/// @notice Casts an SD59x18 number into uint40.
/// @dev Requirements:
/// - x ≥ 0
/// - x ≤ MAX_UINT40
function intoUint40(SD59x18 x) pure returns (uint40 result) {
  int256 xInt = SD59x18.unwrap(x);
  if (xInt < 0) {
    revert CastingErrors.PRBMath_SD59x18_IntoUint40_Underflow(x);
  }
  if (xInt > int256(uint256(MAX_UINT40))) {
    revert CastingErrors.PRBMath_SD59x18_IntoUint40_Overflow(x);
  }
  result = uint40(uint256(xInt));
}

/// @notice Alias for {wrap}.
function sd(int256 x) pure returns (SD59x18 result) {
  result = SD59x18.wrap(x);
}

/// @notice Alias for {wrap}.
function sd59x18(int256 x) pure returns (SD59x18 result) {
  result = SD59x18.wrap(x);
}

/// @notice Unwraps an SD59x18 number into int256.
function unwrap(SD59x18 x) pure returns (int256 result) {
  result = SD59x18.unwrap(x);
}

/// @notice Wraps an int256 number into SD59x18.
function wrap(int256 x) pure returns (SD59x18 result) {
  result = SD59x18.wrap(x);
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

// Common.sol
//
// Common mathematical functions used in both SD59x18 and UD60x18. Note that these global functions do not
// always operate with SD59x18 and UD60x18 numbers.

/*//////////////////////////////////////////////////////////////////////////
                                CUSTOM ERRORS
//////////////////////////////////////////////////////////////////////////*/

/// @notice Thrown when the resultant value in {mulDiv} overflows uint256.
error PRBMath_MulDiv_Overflow(uint256 x, uint256 y, uint256 denominator);

/// @notice Thrown when the resultant value in {mulDiv18} overflows uint256.
error PRBMath_MulDiv18_Overflow(uint256 x, uint256 y);

/// @notice Thrown when one of the inputs passed to {mulDivSigned} is `type(int256).min`.
error PRBMath_MulDivSigned_InputTooSmall();

/// @notice Thrown when the resultant value in {mulDivSigned} overflows int256.
error PRBMath_MulDivSigned_Overflow(int256 x, int256 y);

/*//////////////////////////////////////////////////////////////////////////
                                    CONSTANTS
//////////////////////////////////////////////////////////////////////////*/

/// @dev The maximum value a uint128 number can have.
uint128 constant MAX_UINT128 = type(uint128).max;

/// @dev The maximum value a uint40 number can have.
uint40 constant MAX_UINT40 = type(uint40).max;

/// @dev The maximum value a uint64 number can have.
uint64 constant MAX_UINT64 = type(uint64).max;

/// @dev The unit number, which the decimal precision of the fixed-point types.
uint256 constant UNIT = 1e18;

/// @dev The unit number inverted mod 2^256.
uint256 constant UNIT_INVERSE =
  78_156_646_155_174_841_979_727_994_598_816_262_306_175_212_592_076_161_876_661_508_869_554_232_690_281;

/// @dev The the largest power of two that divides the decimal value of `UNIT`. The logarithm of this value is the least
/// significant
/// bit in the binary representation of `UNIT`.
uint256 constant UNIT_LPOTD = 262_144;

/*//////////////////////////////////////////////////////////////////////////
                                    FUNCTIONS
//////////////////////////////////////////////////////////////////////////*/

/// @notice Calculates the binary exponent of x using the binary fraction method.
/// @dev Has to use 192.64-bit fixed-point numbers. See https://ethereum.stackexchange.com/a/96594/24693.
/// @param x The exponent as an unsigned 192.64-bit fixed-point number.
/// @return result The result as an unsigned 60.18-decimal fixed-point number.
/// @custom:smtchecker abstract-function-nondet
function exp2(uint256 x) pure returns (uint256 result) {
  unchecked {
    // Start from 0.5 in the 192.64-bit fixed-point format.
    result = 0x800000000000000000000000000000000000000000000000;

    // The following logic multiplies the result by $\sqrt{2^{-i}}$ when the bit at position i is 1. Key points:
    //
    // 1. Intermediate results will not overflow, as the starting point is 2^191 and all magic factors are under 2^65.
    // 2. The rationale for organizing the if statements into groups of 8 is gas savings. If the result of performing
    // a bitwise AND operation between x and any value in the array [0x80; 0x40; 0x20; 0x10; 0x08; 0x04; 0x02; 0x01] is
    // 1,
    // we know that `x & 0xFF` is also 1.
    if (x & 0xFF00000000000000 > 0) {
      if (x & 0x8000000000000000 > 0) {
        result = (result * 0x16A09E667F3BCC909) >> 64;
      }
      if (x & 0x4000000000000000 > 0) {
        result = (result * 0x1306FE0A31B7152DF) >> 64;
      }
      if (x & 0x2000000000000000 > 0) {
        result = (result * 0x1172B83C7D517ADCE) >> 64;
      }
      if (x & 0x1000000000000000 > 0) {
        result = (result * 0x10B5586CF9890F62A) >> 64;
      }
      if (x & 0x800000000000000 > 0) {
        result = (result * 0x1059B0D31585743AE) >> 64;
      }
      if (x & 0x400000000000000 > 0) {
        result = (result * 0x102C9A3E778060EE7) >> 64;
      }
      if (x & 0x200000000000000 > 0) {
        result = (result * 0x10163DA9FB33356D8) >> 64;
      }
      if (x & 0x100000000000000 > 0) {
        result = (result * 0x100B1AFA5ABCBED61) >> 64;
      }
    }

    if (x & 0xFF000000000000 > 0) {
      if (x & 0x80000000000000 > 0) {
        result = (result * 0x10058C86DA1C09EA2) >> 64;
      }
      if (x & 0x40000000000000 > 0) {
        result = (result * 0x1002C605E2E8CEC50) >> 64;
      }
      if (x & 0x20000000000000 > 0) {
        result = (result * 0x100162F3904051FA1) >> 64;
      }
      if (x & 0x10000000000000 > 0) {
        result = (result * 0x1000B175EFFDC76BA) >> 64;
      }
      if (x & 0x8000000000000 > 0) {
        result = (result * 0x100058BA01FB9F96D) >> 64;
      }
      if (x & 0x4000000000000 > 0) {
        result = (result * 0x10002C5CC37DA9492) >> 64;
      }
      if (x & 0x2000000000000 > 0) {
        result = (result * 0x1000162E525EE0547) >> 64;
      }
      if (x & 0x1000000000000 > 0) {
        result = (result * 0x10000B17255775C04) >> 64;
      }
    }

    if (x & 0xFF0000000000 > 0) {
      if (x & 0x800000000000 > 0) {
        result = (result * 0x1000058B91B5BC9AE) >> 64;
      }
      if (x & 0x400000000000 > 0) {
        result = (result * 0x100002C5C89D5EC6D) >> 64;
      }
      if (x & 0x200000000000 > 0) {
        result = (result * 0x10000162E43F4F831) >> 64;
      }
      if (x & 0x100000000000 > 0) {
        result = (result * 0x100000B1721BCFC9A) >> 64;
      }
      if (x & 0x80000000000 > 0) {
        result = (result * 0x10000058B90CF1E6E) >> 64;
      }
      if (x & 0x40000000000 > 0) {
        result = (result * 0x1000002C5C863B73F) >> 64;
      }
      if (x & 0x20000000000 > 0) {
        result = (result * 0x100000162E430E5A2) >> 64;
      }
      if (x & 0x10000000000 > 0) {
        result = (result * 0x1000000B172183551) >> 64;
      }
    }

    if (x & 0xFF00000000 > 0) {
      if (x & 0x8000000000 > 0) {
        result = (result * 0x100000058B90C0B49) >> 64;
      }
      if (x & 0x4000000000 > 0) {
        result = (result * 0x10000002C5C8601CC) >> 64;
      }
      if (x & 0x2000000000 > 0) {
        result = (result * 0x1000000162E42FFF0) >> 64;
      }
      if (x & 0x1000000000 > 0) {
        result = (result * 0x10000000B17217FBB) >> 64;
      }
      if (x & 0x800000000 > 0) {
        result = (result * 0x1000000058B90BFCE) >> 64;
      }
      if (x & 0x400000000 > 0) {
        result = (result * 0x100000002C5C85FE3) >> 64;
      }
      if (x & 0x200000000 > 0) {
        result = (result * 0x10000000162E42FF1) >> 64;
      }
      if (x & 0x100000000 > 0) {
        result = (result * 0x100000000B17217F8) >> 64;
      }
    }

    if (x & 0xFF000000 > 0) {
      if (x & 0x80000000 > 0) {
        result = (result * 0x10000000058B90BFC) >> 64;
      }
      if (x & 0x40000000 > 0) {
        result = (result * 0x1000000002C5C85FE) >> 64;
      }
      if (x & 0x20000000 > 0) {
        result = (result * 0x100000000162E42FF) >> 64;
      }
      if (x & 0x10000000 > 0) {
        result = (result * 0x1000000000B17217F) >> 64;
      }
      if (x & 0x8000000 > 0) {
        result = (result * 0x100000000058B90C0) >> 64;
      }
      if (x & 0x4000000 > 0) {
        result = (result * 0x10000000002C5C860) >> 64;
      }
      if (x & 0x2000000 > 0) {
        result = (result * 0x1000000000162E430) >> 64;
      }
      if (x & 0x1000000 > 0) {
        result = (result * 0x10000000000B17218) >> 64;
      }
    }

    if (x & 0xFF0000 > 0) {
      if (x & 0x800000 > 0) {
        result = (result * 0x1000000000058B90C) >> 64;
      }
      if (x & 0x400000 > 0) {
        result = (result * 0x100000000002C5C86) >> 64;
      }
      if (x & 0x200000 > 0) {
        result = (result * 0x10000000000162E43) >> 64;
      }
      if (x & 0x100000 > 0) {
        result = (result * 0x100000000000B1721) >> 64;
      }
      if (x & 0x80000 > 0) {
        result = (result * 0x10000000000058B91) >> 64;
      }
      if (x & 0x40000 > 0) {
        result = (result * 0x1000000000002C5C8) >> 64;
      }
      if (x & 0x20000 > 0) {
        result = (result * 0x100000000000162E4) >> 64;
      }
      if (x & 0x10000 > 0) {
        result = (result * 0x1000000000000B172) >> 64;
      }
    }

    if (x & 0xFF00 > 0) {
      if (x & 0x8000 > 0) {
        result = (result * 0x100000000000058B9) >> 64;
      }
      if (x & 0x4000 > 0) {
        result = (result * 0x10000000000002C5D) >> 64;
      }
      if (x & 0x2000 > 0) {
        result = (result * 0x1000000000000162E) >> 64;
      }
      if (x & 0x1000 > 0) {
        result = (result * 0x10000000000000B17) >> 64;
      }
      if (x & 0x800 > 0) {
        result = (result * 0x1000000000000058C) >> 64;
      }
      if (x & 0x400 > 0) {
        result = (result * 0x100000000000002C6) >> 64;
      }
      if (x & 0x200 > 0) {
        result = (result * 0x10000000000000163) >> 64;
      }
      if (x & 0x100 > 0) {
        result = (result * 0x100000000000000B1) >> 64;
      }
    }

    if (x & 0xFF > 0) {
      if (x & 0x80 > 0) {
        result = (result * 0x10000000000000059) >> 64;
      }
      if (x & 0x40 > 0) {
        result = (result * 0x1000000000000002C) >> 64;
      }
      if (x & 0x20 > 0) {
        result = (result * 0x10000000000000016) >> 64;
      }
      if (x & 0x10 > 0) {
        result = (result * 0x1000000000000000B) >> 64;
      }
      if (x & 0x8 > 0) {
        result = (result * 0x10000000000000006) >> 64;
      }
      if (x & 0x4 > 0) {
        result = (result * 0x10000000000000003) >> 64;
      }
      if (x & 0x2 > 0) {
        result = (result * 0x10000000000000001) >> 64;
      }
      if (x & 0x1 > 0) {
        result = (result * 0x10000000000000001) >> 64;
      }
    }

    // In the code snippet below, two operations are executed simultaneously:
    //
    // 1. The result is multiplied by $(2^n + 1)$, where $2^n$ represents the integer part, and the additional 1
    // accounts for the initial guess of 0.5. This is achieved by subtracting from 191 instead of 192.
    // 2. The result is then converted to an unsigned 60.18-decimal fixed-point format.
    //
    // The underlying logic is based on the relationship $2^{191-ip} = 2^{ip} / 2^{191}$, where $ip$ denotes the,
    // integer part, $2^n$.
    result *= UNIT;
    result >>= (191 - (x >> 64));
  }
}

/// @notice Finds the zero-based index of the first 1 in the binary representation of x.
///
/// @dev See the note on "msb" in this Wikipedia article: https://en.wikipedia.org/wiki/Find_first_set
///
/// Each step in this implementation is equivalent to this high-level code:
///
/// ```solidity
/// if (x >= 2 ** 128) {
///     x >>= 128;
///     result += 128;
/// }
/// ```
///
/// Where 128 is replaced with each respective power of two factor. See the full high-level implementation here:
/// https://gist.github.com/PaulRBerg/f932f8693f2733e30c4d479e8e980948
///
/// The Yul instructions used below are:
///
/// - "gt" is "greater than"
/// - "or" is the OR bitwise operator
/// - "shl" is "shift left"
/// - "shr" is "shift right"
///
/// @param x The uint256 number for which to find the index of the most significant bit.
/// @return result The index of the most significant bit as a uint256.
/// @custom:smtchecker abstract-function-nondet
function msb(uint256 x) pure returns (uint256 result) {
  // 2^128
  assembly ("memory-safe") {
    let factor := shl(7, gt(x, 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^64
  assembly ("memory-safe") {
    let factor := shl(6, gt(x, 0xFFFFFFFFFFFFFFFF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^32
  assembly ("memory-safe") {
    let factor := shl(5, gt(x, 0xFFFFFFFF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^16
  assembly ("memory-safe") {
    let factor := shl(4, gt(x, 0xFFFF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^8
  assembly ("memory-safe") {
    let factor := shl(3, gt(x, 0xFF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^4
  assembly ("memory-safe") {
    let factor := shl(2, gt(x, 0xF))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^2
  assembly ("memory-safe") {
    let factor := shl(1, gt(x, 0x3))
    x := shr(factor, x)
    result := or(result, factor)
  }
  // 2^1
  // No need to shift x any more.
  assembly ("memory-safe") {
    let factor := gt(x, 0x1)
    result := or(result, factor)
  }
}

/// @notice Calculates x*y÷denominator with 512-bit precision.
///
/// @dev Credits to Remco Bloemen under MIT license https://xn--2-umb.com/21/muldiv.
///
/// Notes:
/// - The result is rounded toward zero.
///
/// Requirements:
/// - The denominator must not be zero.
/// - The result must fit in uint256.
///
/// @param x The multiplicand as a uint256.
/// @param y The multiplier as a uint256.
/// @param denominator The divisor as a uint256.
/// @return result The result as a uint256.
/// @custom:smtchecker abstract-function-nondet
function mulDiv(uint256 x, uint256 y, uint256 denominator) pure returns (uint256 result) {
  // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
  // use the Chinese Remainder Theorem to reconstruct the 512-bit result. The result is stored in two 256
  // variables such that product = prod1 * 2^256 + prod0.
  uint256 prod0; // Least significant 256 bits of the product
  uint256 prod1; // Most significant 256 bits of the product
  assembly ("memory-safe") {
    let mm := mulmod(x, y, not(0))
    prod0 := mul(x, y)
    prod1 := sub(sub(mm, prod0), lt(mm, prod0))
  }

  // Handle non-overflow cases, 256 by 256 division.
  if (prod1 == 0) {
    unchecked {
      return prod0 / denominator;
    }
  }

  // Make sure the result is less than 2^256. Also prevents denominator == 0.
  if (prod1 >= denominator) {
    revert PRBMath_MulDiv_Overflow(x, y, denominator);
  }

  ////////////////////////////////////////////////////////////////////////////
  // 512 by 256 division
  ////////////////////////////////////////////////////////////////////////////

  // Make division exact by subtracting the remainder from [prod1 prod0].
  uint256 remainder;
  assembly ("memory-safe") {
    // Compute remainder using the mulmod Yul instruction.
    remainder := mulmod(x, y, denominator)

    // Subtract 256 bit number from 512-bit number.
    prod1 := sub(prod1, gt(remainder, prod0))
    prod0 := sub(prod0, remainder)
  }

  unchecked {
    // Calculate the largest power of two divisor of the denominator using the unary operator ~. This operation cannot
    // overflow
    // because the denominator cannot be zero at this point in the function execution. The result is always >= 1.
    // For more detail, see https://cs.stackexchange.com/q/138556/92363.
    uint256 lpotdod = denominator & (~denominator + 1);
    uint256 flippedLpotdod;

    assembly ("memory-safe") {
      // Factor powers of two out of denominator.
      denominator := div(denominator, lpotdod)

      // Divide [prod1 prod0] by lpotdod.
      prod0 := div(prod0, lpotdod)

      // Get the flipped value `2^256 / lpotdod`. If the `lpotdod` is zero, the flipped value is one.
      // `sub(0, lpotdod)` produces the two's complement version of `lpotdod`, which is equivalent to flipping all the
      // bits.
      // However, `div` interprets this value as an unsigned value: https://ethereum.stackexchange.com/q/147168/24693
      flippedLpotdod := add(div(sub(0, lpotdod), lpotdod), 1)
    }

    // Shift in bits from prod1 into prod0.
    prod0 |= prod1 * flippedLpotdod;

    // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
    // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
    // four bits. That is, denominator * inv = 1 mod 2^4.
    uint256 inverse = (3 * denominator) ^ 2;

    // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
    // in modular arithmetic, doubling the correct bits in each step.
    inverse *= 2 - denominator * inverse; // inverse mod 2^8
    inverse *= 2 - denominator * inverse; // inverse mod 2^16
    inverse *= 2 - denominator * inverse; // inverse mod 2^32
    inverse *= 2 - denominator * inverse; // inverse mod 2^64
    inverse *= 2 - denominator * inverse; // inverse mod 2^128
    inverse *= 2 - denominator * inverse; // inverse mod 2^256

    // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
    // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
    // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
    // is no longer required.
    result = prod0 * inverse;
  }
}

/// @notice Calculates x*y÷1e18 with 512-bit precision.
///
/// @dev A variant of {mulDiv} with constant folding, i.e. in which the denominator is hard coded to 1e18.
///
/// Notes:
/// - The body is purposely left uncommented; to understand how this works, see the documentation in {mulDiv}.
/// - The result is rounded toward zero.
/// - We take as an axiom that the result cannot be `MAX_UINT256` when x and y solve the following system of equations:
///
/// $$
/// \begin{cases}
///     x * y = MAX\_UINT256 * UNIT \\
///     (x * y) \% UNIT \geq \frac{UNIT}{2}
/// \end{cases}
/// $$
///
/// Requirements:
/// - Refer to the requirements in {mulDiv}.
/// - The result must fit in uint256.
///
/// @param x The multiplicand as an unsigned 60.18-decimal fixed-point number.
/// @param y The multiplier as an unsigned 60.18-decimal fixed-point number.
/// @return result The result as an unsigned 60.18-decimal fixed-point number.
/// @custom:smtchecker abstract-function-nondet
function mulDiv18(uint256 x, uint256 y) pure returns (uint256 result) {
  uint256 prod0;
  uint256 prod1;
  assembly ("memory-safe") {
    let mm := mulmod(x, y, not(0))
    prod0 := mul(x, y)
    prod1 := sub(sub(mm, prod0), lt(mm, prod0))
  }

  if (prod1 == 0) {
    unchecked {
      return prod0 / UNIT;
    }
  }

  if (prod1 >= UNIT) {
    revert PRBMath_MulDiv18_Overflow(x, y);
  }

  uint256 remainder;
  assembly ("memory-safe") {
    remainder := mulmod(x, y, UNIT)
    result :=
      mul(
        or(
          div(sub(prod0, remainder), UNIT_LPOTD),
          mul(sub(prod1, gt(remainder, prod0)), add(div(sub(0, UNIT_LPOTD), UNIT_LPOTD), 1))
        ),
        UNIT_INVERSE
      )
  }
}

/// @notice Calculates x*y÷denominator with 512-bit precision.
///
/// @dev This is an extension of {mulDiv} for signed numbers, which works by computing the signs and the absolute values
/// separately.
///
/// Notes:
/// - The result is rounded toward zero.
///
/// Requirements:
/// - Refer to the requirements in {mulDiv}.
/// - None of the inputs can be `type(int256).min`.
/// - The result must fit in int256.
///
/// @param x The multiplicand as an int256.
/// @param y The multiplier as an int256.
/// @param denominator The divisor as an int256.
/// @return result The result as an int256.
/// @custom:smtchecker abstract-function-nondet
function mulDivSigned(int256 x, int256 y, int256 denominator) pure returns (int256 result) {
  if (x == type(int256).min || y == type(int256).min || denominator == type(int256).min) {
    revert PRBMath_MulDivSigned_InputTooSmall();
  }

  // Get hold of the absolute values of x, y and the denominator.
  uint256 xAbs;
  uint256 yAbs;
  uint256 dAbs;
  unchecked {
    xAbs = x < 0 ? uint256(-x) : uint256(x);
    yAbs = y < 0 ? uint256(-y) : uint256(y);
    dAbs = denominator < 0 ? uint256(-denominator) : uint256(denominator);
  }

  // Compute the absolute value of x*y÷denominator. The result must fit in int256.
  uint256 resultAbs = mulDiv(xAbs, yAbs, dAbs);
  if (resultAbs > uint256(type(int256).max)) {
    revert PRBMath_MulDivSigned_Overflow(x, y);
  }

  // Get the signs of x, y and the denominator.
  uint256 sx;
  uint256 sy;
  uint256 sd;
  assembly ("memory-safe") {
    // "sgt" is the "signed greater than" assembly instruction and "sub(0,1)" is -1 in two's complement.
    sx := sgt(x, sub(0, 1))
    sy := sgt(y, sub(0, 1))
    sd := sgt(denominator, sub(0, 1))
  }

  // XOR over sx, sy and sd. What this does is to check whether there are 1 or 3 negative signs in the inputs.
  // If there are, the result should be negative. Otherwise, it should be positive.
  unchecked {
    result = sx ^ sy ^ sd == 0 ? -int256(resultAbs) : int256(resultAbs);
  }
}

/// @notice Calculates the square root of x using the Babylonian method.
///
/// @dev See https://en.wikipedia.org/wiki/Methods_of_computing_square_roots#Babylonian_method.
///
/// Notes:
/// - If x is not a perfect square, the result is rounded down.
/// - Credits to OpenZeppelin for the explanations in comments below.
///
/// @param x The uint256 number for which to calculate the square root.
/// @return result The result as a uint256.
/// @custom:smtchecker abstract-function-nondet
function sqrt(uint256 x) pure returns (uint256 result) {
  if (x == 0) {
    return 0;
  }

  // For our first guess, we calculate the biggest power of 2 which is smaller than the square root of x.
  //
  // We know that the "msb" (most significant bit) of x is a power of 2 such that we have:
  //
  // $$
  // msb(x) <= x <= 2*msb(x)$
  // $$
  //
  // We write $msb(x)$ as $2^k$, and we get:
  //
  // $$
  // k = log_2(x)
  // $$
  //
  // Thus, we can write the initial inequality as:
  //
  // $$
  // 2^{log_2(x)} <= x <= 2*2^{log_2(x)+1} \\
  // sqrt(2^k) <= sqrt(x) < sqrt(2^{k+1}) \\
  // 2^{k/2} <= sqrt(x) < 2^{(k+1)/2} <= 2^{(k/2)+1}
  // $$
  //
  // Consequently, $2^{log_2(x) /2} is a good first approximation of sqrt(x) with at least one correct bit.
  uint256 xAux = uint256(x);
  result = 1;
  if (xAux >= 2 ** 128) {
    xAux >>= 128;
    result <<= 64;
  }
  if (xAux >= 2 ** 64) {
    xAux >>= 64;
    result <<= 32;
  }
  if (xAux >= 2 ** 32) {
    xAux >>= 32;
    result <<= 16;
  }
  if (xAux >= 2 ** 16) {
    xAux >>= 16;
    result <<= 8;
  }
  if (xAux >= 2 ** 8) {
    xAux >>= 8;
    result <<= 4;
  }
  if (xAux >= 2 ** 4) {
    xAux >>= 4;
    result <<= 2;
  }
  if (xAux >= 2 ** 2) {
    result <<= 1;
  }

  // At this point, `result` is an estimation with at least one bit of precision. We know the true value has at
  // most 128 bits, since it is the square root of a uint256. Newton's method converges quadratically (precision
  // doubles at every iteration). We thus need at most 7 iteration to turn our partial result with one bit of
  // precision into the expected uint128 result.
  unchecked {
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;
    result = (result + x / result) >> 1;

    // If x is not a perfect square, round the result toward zero.
    uint256 roundedResult = x / result;
    if (result >= roundedResult) {
      result = roundedResult;
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import { SD21x18 } from "./ValueType.sol";

/// @dev Euler's number as an SD21x18 number.
SD21x18 constant E = SD21x18.wrap(2_718_281_828_459_045_235);

/// @dev The maximum value an SD21x18 number can have.
int128 constant uMAX_SD21x18 = 170_141_183_460_469_231_731_687_303_715_884_105_727;
SD21x18 constant MAX_SD21x18 = SD21x18.wrap(uMAX_SD21x18);

/// @dev The minimum value an SD21x18 number can have.
int128 constant uMIN_SD21x18 = -170_141_183_460_469_231_731_687_303_715_884_105_728;
SD21x18 constant MIN_SD21x18 = SD21x18.wrap(uMIN_SD21x18);

/// @dev PI as an SD21x18 number.
SD21x18 constant PI = SD21x18.wrap(3_141_592_653_589_793_238);

/// @dev The unit number, which gives the decimal precision of SD21x18.
SD21x18 constant UNIT = SD21x18.wrap(1e18);
int128 constant uUNIT = 1e18;

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
  function _msgSender() internal view virtual returns (address) {
    return msg.sender;
  }

  function _msgData() internal view virtual returns (bytes calldata) {
    return msg.data;
  }

  function _contextSuffixLength() internal view virtual returns (uint256) {
    return 0;
  }
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import { uMAX_UD60x18, uUNIT } from "./Constants.sol";
import { PRBMath_UD60x18_Convert_Overflow } from "./Errors.sol";
import { UD60x18 } from "./ValueType.sol";

/// @notice Converts a UD60x18 number to a simple integer by dividing it by `UNIT`.
/// @dev The result is rounded toward zero.
/// @param x The UD60x18 number to convert.
/// @return result The same number in basic integer form.
function convert(UD60x18 x) pure returns (uint256 result) {
  result = UD60x18.unwrap(x) / uUNIT;
}

/// @notice Converts a simple integer to UD60x18 by multiplying it by `UNIT`.
///
/// @dev Requirements:
/// - x ≤ MAX_UD60x18 / UNIT
///
/// @param x The basic integer to convert.
/// @return result The same number converted to UD60x18.
function convert(uint256 x) pure returns (UD60x18 result) {
  if (x > uMAX_UD60x18 / uUNIT) {
    revert PRBMath_UD60x18_Convert_Overflow(x);
  }
  unchecked {
    result = UD60x18.wrap(x * uUNIT);
  }
}

// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.20;

import { BytesLib } from "solidity-bytes-utils/contracts/BytesLib.sol";

import { BitMap256 } from "@layerzerolabs/lz-evm-protocol-v2/contracts/messagelib/libs/BitMaps.sol";
import { CalldataBytesLib } from "@layerzerolabs/lz-evm-protocol-v2/contracts/libs/CalldataBytesLib.sol";

library DVNOptions {
  using CalldataBytesLib for bytes;
  using BytesLib for bytes;

  uint8 internal constant WORKER_ID = 2;
  uint8 internal constant OPTION_TYPE_PRECRIME = 1;

  error DVN_InvalidDVNIdx();
  error DVN_InvalidDVNOptions(uint256 cursor);

  /// @dev group dvn options by its idx
  /// @param _options [dvn_id][dvn_option][dvn_id][dvn_option]...
  ///        dvn_option = [option_size][dvn_idx][option_type][option]
  ///        option_size = len(dvn_idx) + len(option_type) + len(option)
  ///        dvn_id: uint8, dvn_idx: uint8, option_size: uint16, option_type: uint8, option: bytes
  /// @return dvnOptions the grouped options, still share the same format of _options
  /// @return dvnIndices the dvn indices
  function groupDVNOptionsByIdx(bytes memory _options)
    internal
    pure
    returns (bytes[] memory dvnOptions, uint8[] memory dvnIndices)
  {
    if (_options.length == 0) return (dvnOptions, dvnIndices);

    uint8 numDVNs = getNumDVNs(_options);

    // if there is only 1 dvn, we can just return the whole options
    if (numDVNs == 1) {
      dvnOptions = new bytes[](1);
      dvnOptions[0] = _options;

      dvnIndices = new uint8[](1);
      dvnIndices[0] = _options.toUint8(3); // dvn idx
      return (dvnOptions, dvnIndices);
    }

    // otherwise, we need to group the options by dvn_idx
    dvnIndices = new uint8[](numDVNs);
    dvnOptions = new bytes[](numDVNs);
    unchecked {
      uint256 cursor = 0;
      uint256 start = 0;
      uint8 lastDVNIdx = 255; // 255 is an invalid dvn_idx

      while (cursor < _options.length) {
        ++cursor; // skip worker_id

        // optionLength asserted in getNumDVNs (skip check)
        uint16 optionLength = _options.toUint16(cursor);
        cursor += 2;

        // dvnIdx asserted in getNumDVNs (skip check)
        uint8 dvnIdx = _options.toUint8(cursor);

        // dvnIdx must equal to the lastDVNIdx for the first option
        // so it is always skipped in the first option
        // this operation slices out options whenever the scan finds a different lastDVNIdx
        if (lastDVNIdx == 255) {
          lastDVNIdx = dvnIdx;
        } else if (dvnIdx != lastDVNIdx) {
          uint256 len = cursor - start - 3; // 3 is for worker_id and option_length
          bytes memory opt = _options.slice(start, len);
          _insertDVNOptions(dvnOptions, dvnIndices, lastDVNIdx, opt);

          // reset the start and lastDVNIdx
          start += len;
          lastDVNIdx = dvnIdx;
        }

        cursor += optionLength;
      }

      // skip check the cursor here because the cursor is asserted in getNumDVNs
      // if we have reached the end of the options, we need to process the last dvn
      uint256 size = cursor - start;
      bytes memory op = _options.slice(start, size);
      _insertDVNOptions(dvnOptions, dvnIndices, lastDVNIdx, op);

      // revert dvnIndices to start from 0
      for (uint8 i = 0; i < numDVNs; ++i) {
        --dvnIndices[i];
      }
    }
  }

  function _insertDVNOptions(
    bytes[] memory _dvnOptions,
    uint8[] memory _dvnIndices,
    uint8 _dvnIdx,
    bytes memory _newOptions
  ) internal pure {
    // dvnIdx starts from 0 but default value of dvnIndices is 0,
    // so we tell if the slot is empty by adding 1 to dvnIdx
    if (_dvnIdx == 255) revert DVN_InvalidDVNIdx();
    uint8 dvnIdxAdj = _dvnIdx + 1;

    for (uint256 j = 0; j < _dvnIndices.length; ++j) {
      uint8 index = _dvnIndices[j];
      if (dvnIdxAdj == index) {
        _dvnOptions[j] = abi.encodePacked(_dvnOptions[j], _newOptions);
        break;
      } else if (index == 0) {
        // empty slot, that means it is the first time we see this dvn
        _dvnIndices[j] = dvnIdxAdj;
        _dvnOptions[j] = _newOptions;
        break;
      }
    }
  }

  /// @dev get the number of unique dvns
  /// @param _options the format is the same as groupDVNOptionsByIdx
  function getNumDVNs(bytes memory _options) internal pure returns (uint8 numDVNs) {
    uint256 cursor = 0;
    BitMap256 bitmap;

    // find number of unique dvn_idx
    unchecked {
      while (cursor < _options.length) {
        ++cursor; // skip worker_id

        uint16 optionLength = _options.toUint16(cursor);
        cursor += 2;
        if (optionLength < 2) revert DVN_InvalidDVNOptions(cursor); // at least 1 byte for dvn_idx and 1 byte for
          // option_type

        uint8 dvnIdx = _options.toUint8(cursor);

        // if dvnIdx is not set, increment numDVNs
        // max num of dvns is 255, 255 is an invalid dvn_idx
        // The order of the dvnIdx is not required to be sequential, as enforcing the order may weaken
        // the composability of the options. e.g. if we refrain from enforcing the order, an OApp that has
        // already enforced certain options can append additional options to the end of the enforced
        // ones without restrictions.
        if (dvnIdx == 255) revert DVN_InvalidDVNIdx();
        if (!bitmap.get(dvnIdx)) {
          ++numDVNs;
          bitmap = bitmap.set(dvnIdx);
        }

        cursor += optionLength;
      }
    }
    if (cursor != _options.length) revert DVN_InvalidDVNOptions(cursor);
  }

  /// @dev decode the next dvn option from _options starting from the specified cursor
  /// @param _options the format is the same as groupDVNOptionsByIdx
  /// @param _cursor the cursor to start decoding
  /// @return optionType the type of the option
  /// @return option the option
  /// @return cursor the cursor to start decoding the next option
  function nextDVNOption(bytes calldata _options, uint256 _cursor)
    internal
    pure
    returns (uint8 optionType, bytes calldata option, uint256 cursor)
  {
    unchecked {
      // skip worker id
      cursor = _cursor + 1;

      // read option size
      uint16 size = _options.toU16(cursor);
      cursor += 2;

      // read option type
      optionType = _options.toU8(cursor + 1); // skip dvn_idx

      // startCursor and endCursor are used to slice the option from _options
      uint256 startCursor = cursor + 2; // skip option type and dvn_idx
      uint256 endCursor = cursor + size;
      option = _options[startCursor:endCursor];
      cursor += size;
    }
  }
}

// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity >=0.8.19;

import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { UD2x18 } from "@prb/math/src/UD2x18.sol";
import { UD60x18 } from "@prb/math/src/UD60x18.sol";

// DataTypes.sol
//
// This file defines all structs used in V2 Core, most of which are organized under three namespaces:
//
// - Lockup
// - LockupDynamic
// - LockupLinear
//
// You will notice that some structs contain "slot" annotations - they are used to indicate the
// storage layout of the struct. It is more gas efficient to group small data types together so
// that they fit in a single 32-byte slot.

/// @notice Struct encapsulating the broker parameters passed to the create functions. Both can be set to zero.
/// @param account The address receiving the broker's fee.
/// @param fee The broker's percentage fee from the total amount, denoted as a fixed-point number where 1e18 is 100%.
struct Broker {
  address account;
  UD60x18 fee;
}

/// @notice Namespace for the structs used in both {SablierV2LockupLinear} and {SablierV2LockupDynamic}.
library Lockup {
  /// @notice Struct encapsulating the deposit, withdrawn, and refunded amounts, all denoted in units
  /// of the asset's decimals.
  /// @dev Because the deposited and the withdrawn amount are often read together, declaring them in
  /// the same slot saves gas.
  /// @param deposited The initial amount deposited in the stream, net of fees.
  /// @param withdrawn The cumulative amount withdrawn from the stream.
  /// @param refunded The amount refunded to the sender. Unless the stream was canceled, this is always zero.
  struct Amounts {
    // slot 0
    uint128 deposited;
    uint128 withdrawn;
    // slot 1
    uint128 refunded;
  }

  /// @notice Struct encapsulating the deposit amount, the protocol fee amount, and the broker fee amount,
  /// all denoted in units of the asset's decimals.
  /// @param deposit The amount to deposit in the stream.
  /// @param protocolFee The protocol fee amount.
  /// @param brokerFee The broker fee amount.
  struct CreateAmounts {
    uint128 deposit;
    uint128 protocolFee;
    uint128 brokerFee;
  }

  /// @notice Enum representing the different statuses of a stream.
  /// @custom:value PENDING Stream created but not started; assets are in a pending state.
  /// @custom:value STREAMING Active stream where assets are currently being streamed.
  /// @custom:value SETTLED All assets have been streamed; recipient is due to withdraw them.
  /// @custom:value CANCELED Canceled stream; remaining assets await recipient's withdrawal.
  /// @custom:value DEPLETED Depleted stream; all assets have been withdrawn and/or refunded.
  enum Status {
    PENDING, // value 0
    STREAMING, // value 1
    SETTLED, // value 2
    CANCELED, // value 3
    DEPLETED // value 4

  }
}

/// @notice Namespace for the structs used in {SablierV2LockupDynamic}.
library LockupDynamic {
  /// @notice Struct encapsulating the parameters for the {SablierV2LockupDynamic.createWithDeltas} function.
  /// @param sender The address streaming the assets, with the ability to cancel the stream. It doesn't have to be the
  /// same as `msg.sender`.
  /// @param recipient The address receiving the assets.
  /// @param totalAmount The total amount of ERC-20 assets to be paid, including the stream deposit and any potential
  /// fees, all denoted in units of the asset's decimals.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param cancelable Indicates if the stream is cancelable.
  /// @param transferable Indicates if the stream NFT is transferable.
  /// @param broker Struct containing (i) the address of the broker assisting in creating the stream, and (ii) the
  /// percentage fee paid to the broker from `totalAmount`, denoted as a fixed-point number. Both can be set to zero.
  /// @param segments Segments with deltas used to compose the custom streaming curve. Milestones are calculated by
  /// starting from `block.timestamp` and adding each delta to the previous milestone.
  struct CreateWithDeltas {
    address sender;
    bool cancelable;
    bool transferable;
    address recipient;
    uint128 totalAmount;
    IERC20 asset;
    Broker broker;
    SegmentWithDelta[] segments;
  }

  /// @notice Struct encapsulating the parameters for the {SablierV2LockupDynamic.createWithMilestones}
  /// function.
  /// @param sender The address streaming the assets, with the ability to cancel the stream. It doesn't have to be the
  /// same as `msg.sender`.
  /// @param startTime The Unix timestamp indicating the stream's start.
  /// @param cancelable Indicates if the stream is cancelable.
  /// @param transferable Indicates if the stream NFT is transferable.
  /// @param recipient The address receiving the assets.
  /// @param totalAmount The total amount of ERC-20 assets to be paid, including the stream deposit and any potential
  /// fees, all denoted in units of the asset's decimals.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param broker Struct containing (i) the address of the broker assisting in creating the stream, and (ii) the
  /// percentage fee paid to the broker from `totalAmount`, denoted as a fixed-point number. Both can be set to zero.
  /// @param segments Segments used to compose the custom streaming curve.
  struct CreateWithMilestones {
    address sender;
    uint40 startTime;
    bool cancelable;
    bool transferable;
    address recipient;
    uint128 totalAmount;
    IERC20 asset;
    Broker broker;
    Segment[] segments;
  }

  /// @notice Struct encapsulating the time range.
  /// @param start The Unix timestamp indicating the stream's start.
  /// @param end The Unix timestamp indicating the stream's end.
  struct Range {
    uint40 start;
    uint40 end;
  }

  /// @notice Segment struct used in the Lockup Dynamic stream.
  /// @param amount The amount of assets to be streamed in this segment, denoted in units of the asset's decimals.
  /// @param exponent The exponent of this segment, denoted as a fixed-point number.
  /// @param milestone The Unix timestamp indicating this segment's end.
  struct Segment {
    // slot 0
    uint128 amount;
    UD2x18 exponent;
    uint40 milestone;
  }

  /// @notice Segment struct used at runtime in {SablierV2LockupDynamic.createWithDeltas}.
  /// @param amount The amount of assets to be streamed in this segment, denoted in units of the asset's decimals.
  /// @param exponent The exponent of this segment, denoted as a fixed-point number.
  /// @param delta The time difference in seconds between this segment and the previous one.
  struct SegmentWithDelta {
    uint128 amount;
    UD2x18 exponent;
    uint40 delta;
  }

  /// @notice Lockup Dynamic stream.
  /// @dev The fields are arranged like this to save gas via tight variable packing.
  /// @param sender The address streaming the assets, with the ability to cancel the stream.
  /// @param startTime The Unix timestamp indicating the stream's start.
  /// @param endTime The Unix timestamp indicating the stream's end.
  /// @param isCancelable Boolean indicating if the stream is cancelable.
  /// @param wasCanceled Boolean indicating if the stream was canceled.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param isDepleted Boolean indicating if the stream is depleted.
  /// @param isStream Boolean indicating if the struct entity exists.
  /// @param isTransferable Boolean indicating if the stream NFT is transferable.
  /// @param amounts Struct containing the deposit, withdrawn, and refunded amounts, all denoted in units of the
  /// asset's decimals.
  /// @param segments Segments used to compose the custom streaming curve.
  struct Stream {
    // slot 0
    address sender;
    uint40 startTime;
    uint40 endTime;
    bool isCancelable;
    bool wasCanceled;
    // slot 1
    IERC20 asset;
    bool isDepleted;
    bool isStream;
    bool isTransferable;
    // slot 2 and 3
    Lockup.Amounts amounts;
    // slots [4..n]
    Segment[] segments;
  }
}

/// @notice Namespace for the structs used in {SablierV2LockupLinear}.
library LockupLinear {
  /// @notice Struct encapsulating the parameters for the {SablierV2LockupLinear.createWithDurations} function.
  /// @param sender The address streaming the assets, with the ability to cancel the stream. It doesn't have to be the
  /// same as `msg.sender`.
  /// @param recipient The address receiving the assets.
  /// @param totalAmount The total amount of ERC-20 assets to be paid, including the stream deposit and any potential
  /// fees, all denoted in units of the asset's decimals.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param cancelable Indicates if the stream is cancelable.
  /// @param transferable Indicates if the stream NFT is transferable.
  /// @param durations Struct containing (i) cliff period duration and (ii) total stream duration, both in seconds.
  /// @param broker Struct containing (i) the address of the broker assisting in creating the stream, and (ii) the
  /// percentage fee paid to the broker from `totalAmount`, denoted as a fixed-point number. Both can be set to zero.
  struct CreateWithDurations {
    address sender;
    address recipient;
    uint128 totalAmount;
    IERC20 asset;
    bool cancelable;
    bool transferable;
    Durations durations;
    Broker broker;
  }

  /// @notice Struct encapsulating the parameters for the {SablierV2LockupLinear.createWithRange} function.
  /// @param sender The address streaming the assets, with the ability to cancel the stream. It doesn't have to be the
  /// same as `msg.sender`.
  /// @param recipient The address receiving the assets.
  /// @param totalAmount The total amount of ERC-20 assets to be paid, including the stream deposit and any potential
  /// fees, all denoted in units of the asset's decimals.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param cancelable Indicates if the stream is cancelable.
  /// @param transferable Indicates if the stream NFT is transferable.
  /// @param range Struct containing (i) the stream's start time, (ii) cliff time, and (iii) end time, all as Unix
  /// timestamps.
  /// @param broker Struct containing (i) the address of the broker assisting in creating the stream, and (ii) the
  /// percentage fee paid to the broker from `totalAmount`, denoted as a fixed-point number. Both can be set to zero.
  struct CreateWithRange {
    address sender;
    address recipient;
    uint128 totalAmount;
    IERC20 asset;
    bool cancelable;
    bool transferable;
    Range range;
    Broker broker;
  }

  /// @notice Struct encapsulating the cliff duration and the total duration.
  /// @param cliff The cliff duration in seconds.
  /// @param total The total duration in seconds.
  struct Durations {
    uint40 cliff;
    uint40 total;
  }

  /// @notice Struct encapsulating the time range.
  /// @param start The Unix timestamp for the stream's start.
  /// @param cliff The Unix timestamp for the cliff period's end.
  /// @param end The Unix timestamp for the stream's end.
  struct Range {
    uint40 start;
    uint40 cliff;
    uint40 end;
  }

  /// @notice Lockup Linear stream.
  /// @dev The fields are arranged like this to save gas via tight variable packing.
  /// @param sender The address streaming the assets, with the ability to cancel the stream.
  /// @param startTime The Unix timestamp indicating the stream's start.
  /// @param cliffTime The Unix timestamp indicating the cliff period's end.
  /// @param isCancelable Boolean indicating if the stream is cancelable.
  /// @param wasCanceled Boolean indicating if the stream was canceled.
  /// @param asset The contract address of the ERC-20 asset used for streaming.
  /// @param endTime The Unix timestamp indicating the stream's end.
  /// @param isDepleted Boolean indicating if the stream is depleted.
  /// @param isStream Boolean indicating if the struct entity exists.
  /// @param isTransferable Boolean indicating if the stream NFT is transferable.
  /// @param amounts Struct containing the deposit, withdrawn, and refunded amounts, all denoted in units of the
  /// asset's decimals.
  struct Stream {
    // slot 0
    address sender;
    uint40 startTime;
    uint40 cliffTime;
    bool isCancelable;
    bool wasCanceled;
    // slot 1
    IERC20 asset;
    uint40 endTime;
    bool isDepleted;
    bool isStream;
    bool isTransferable;
    // slot 2 and 3
    Lockup.Amounts amounts;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/ERC165.sol)

pragma solidity ^0.8.20;

import { IERC165 } from "./IERC165.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 */
abstract contract ERC165 is IERC165 {
  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual returns (bool) {
    return interfaceId == type(IERC165).interfaceId;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/ERC721.sol)

pragma solidity ^0.8.20;

import { IERC721 } from "./IERC721.sol";
import { IERC721Receiver } from "./IERC721Receiver.sol";
import { IERC721Metadata } from "./extensions/IERC721Metadata.sol";
import { Context } from "../../utils/Context.sol";
import { Strings } from "../../utils/Strings.sol";
import { IERC165, ERC165 } from "../../utils/introspection/ERC165.sol";
import { IERC721Errors } from "../../interfaces/draft-IERC6093.sol";

/**
 * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
 * the Metadata extension, but not including the Enumerable extension, which is available separately as
 * {ERC721Enumerable}.
 */
abstract contract ERC721 is Context, ERC165, IERC721, IERC721Metadata, IERC721Errors {
  using Strings for uint256;

  // Token name
  string private _name;

  // Token symbol
  string private _symbol;

  mapping(uint256 tokenId => address) private _owners;

  mapping(address owner => uint256) private _balances;

  mapping(uint256 tokenId => address) private _tokenApprovals;

  mapping(address owner => mapping(address operator => bool)) private _operatorApprovals;

  /**
   * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
   */
  constructor(string memory name_, string memory symbol_) {
    _name = name_;
    _symbol = symbol_;
  }

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual override(ERC165, IERC165) returns (bool) {
    return interfaceId == type(IERC721).interfaceId || interfaceId == type(IERC721Metadata).interfaceId
      || super.supportsInterface(interfaceId);
  }

  /**
   * @dev See {IERC721-balanceOf}.
   */
  function balanceOf(address owner) public view virtual returns (uint256) {
    if (owner == address(0)) {
      revert ERC721InvalidOwner(address(0));
    }
    return _balances[owner];
  }

  /**
   * @dev See {IERC721-ownerOf}.
   */
  function ownerOf(uint256 tokenId) public view virtual returns (address) {
    return _requireOwned(tokenId);
  }

  /**
   * @dev See {IERC721Metadata-name}.
   */
  function name() public view virtual returns (string memory) {
    return _name;
  }

  /**
   * @dev See {IERC721Metadata-symbol}.
   */
  function symbol() public view virtual returns (string memory) {
    return _symbol;
  }

  /**
   * @dev See {IERC721Metadata-tokenURI}.
   */
  function tokenURI(uint256 tokenId) public view virtual returns (string memory) {
    _requireOwned(tokenId);

    string memory baseURI = _baseURI();
    return bytes(baseURI).length > 0 ? string.concat(baseURI, tokenId.toString()) : "";
  }

  /**
   * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
   * token will be the concatenation of the `baseURI` and the `tokenId`. Empty
   * by default, can be overridden in child contracts.
   */
  function _baseURI() internal view virtual returns (string memory) {
    return "";
  }

  /**
   * @dev See {IERC721-approve}.
   */
  function approve(address to, uint256 tokenId) public virtual {
    _approve(to, tokenId, _msgSender());
  }

  /**
   * @dev See {IERC721-getApproved}.
   */
  function getApproved(uint256 tokenId) public view virtual returns (address) {
    _requireOwned(tokenId);

    return _getApproved(tokenId);
  }

  /**
   * @dev See {IERC721-setApprovalForAll}.
   */
  function setApprovalForAll(address operator, bool approved) public virtual {
    _setApprovalForAll(_msgSender(), operator, approved);
  }

  /**
   * @dev See {IERC721-isApprovedForAll}.
   */
  function isApprovedForAll(address owner, address operator) public view virtual returns (bool) {
    return _operatorApprovals[owner][operator];
  }

  /**
   * @dev See {IERC721-transferFrom}.
   */
  function transferFrom(address from, address to, uint256 tokenId) public virtual {
    if (to == address(0)) {
      revert ERC721InvalidReceiver(address(0));
    }
    // Setting an "auth" arguments enables the `_isAuthorized` check which verifies that the token exists
    // (from != 0). Therefore, it is not needed to verify that the return value is not 0 here.
    address previousOwner = _update(to, tokenId, _msgSender());
    if (previousOwner != from) {
      revert ERC721IncorrectOwner(from, tokenId, previousOwner);
    }
  }

  /**
   * @dev See {IERC721-safeTransferFrom}.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId) public {
    safeTransferFrom(from, to, tokenId, "");
  }

  /**
   * @dev See {IERC721-safeTransferFrom}.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public virtual {
    transferFrom(from, to, tokenId);
    _checkOnERC721Received(from, to, tokenId, data);
  }

  /**
   * @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist
   *
   * IMPORTANT: Any overrides to this function that add ownership of tokens not tracked by the
   * core ERC721 logic MUST be matched with the use of {_increaseBalance} to keep balances
   * consistent with ownership. The invariant to preserve is that for any address `a` the value returned by
   * `balanceOf(a)` must be equal to the number of tokens such that `_ownerOf(tokenId)` is `a`.
   */
  function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
    return _owners[tokenId];
  }

  /**
   * @dev Returns the approved address for `tokenId`. Returns 0 if `tokenId` is not minted.
   */
  function _getApproved(uint256 tokenId) internal view virtual returns (address) {
    return _tokenApprovals[tokenId];
  }

  /**
   * @dev Returns whether `spender` is allowed to manage `owner`'s tokens, or `tokenId` in
   * particular (ignoring whether it is owned by `owner`).
   *
   * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
   * assumption.
   */
  function _isAuthorized(address owner, address spender, uint256 tokenId) internal view virtual returns (bool) {
    return spender != address(0)
      && (owner == spender || isApprovedForAll(owner, spender) || _getApproved(tokenId) == spender);
  }

  /**
   * @dev Checks if `spender` can operate on `tokenId`, assuming the provided `owner` is the actual owner.
   * Reverts if `spender` does not have approval from the provided `owner` for the given token or for all its assets
   * the `spender` for the specific `tokenId`.
   *
   * WARNING: This function assumes that `owner` is the actual owner of `tokenId` and does not verify this
   * assumption.
   */
  function _checkAuthorized(address owner, address spender, uint256 tokenId) internal view virtual {
    if (!_isAuthorized(owner, spender, tokenId)) {
      if (owner == address(0)) {
        revert ERC721NonexistentToken(tokenId);
      } else {
        revert ERC721InsufficientApproval(spender, tokenId);
      }
    }
  }

  /**
   * @dev Unsafe write access to the balances, used by extensions that "mint" tokens using an {ownerOf} override.
   *
   * NOTE: the value is limited to type(uint128).max. This protect against _balance overflow. It is unrealistic that
   * a uint256 would ever overflow from increments when these increments are bounded to uint128 values.
   *
   * WARNING: Increasing an account's balance using this function tends to be paired with an override of the
   * {_ownerOf} function to resolve the ownership of the corresponding tokens so that balances and ownership
   * remain consistent with one another.
   */
  function _increaseBalance(address account, uint128 value) internal virtual {
    unchecked {
      _balances[account] += value;
    }
  }

  /**
   * @dev Transfers `tokenId` from its current owner to `to`, or alternatively mints (or burns) if the current owner
   * (or `to`) is the zero address. Returns the owner of the `tokenId` before the update.
   *
   * The `auth` argument is optional. If the value passed is non 0, then this function will check that
   * `auth` is either the owner of the token, or approved to operate on the token (by the owner).
   *
   * Emits a {Transfer} event.
   *
   * NOTE: If overriding this function in a way that tracks balances, see also {_increaseBalance}.
   */
  function _update(address to, uint256 tokenId, address auth) internal virtual returns (address) {
    address from = _ownerOf(tokenId);

    // Perform (optional) operator check
    if (auth != address(0)) {
      _checkAuthorized(from, auth, tokenId);
    }

    // Execute the update
    if (from != address(0)) {
      // Clear approval. No need to re-authorize or emit the Approval event
      _approve(address(0), tokenId, address(0), false);

      unchecked {
        _balances[from] -= 1;
      }
    }

    if (to != address(0)) {
      unchecked {
        _balances[to] += 1;
      }
    }

    _owners[tokenId] = to;

    emit Transfer(from, to, tokenId);

    return from;
  }

  /**
   * @dev Mints `tokenId` and transfers it to `to`.
   *
   * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible
   *
   * Requirements:
   *
   * - `tokenId` must not exist.
   * - `to` cannot be the zero address.
   *
   * Emits a {Transfer} event.
   */
  function _mint(address to, uint256 tokenId) internal {
    if (to == address(0)) {
      revert ERC721InvalidReceiver(address(0));
    }
    address previousOwner = _update(to, tokenId, address(0));
    if (previousOwner != address(0)) {
      revert ERC721InvalidSender(address(0));
    }
  }

  /**
   * @dev Mints `tokenId`, transfers it to `to` and checks for `to` acceptance.
   *
   * Requirements:
   *
   * - `tokenId` must not exist.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a
   * safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function _safeMint(address to, uint256 tokenId) internal {
    _safeMint(to, tokenId, "");
  }

  /**
   * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
   * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
   */
  function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
    _mint(to, tokenId);
    _checkOnERC721Received(address(0), to, tokenId, data);
  }

  /**
   * @dev Destroys `tokenId`.
   * The approval is cleared when the token is burned.
   * This is an internal function that does not check if the sender is authorized to operate on the token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   *
   * Emits a {Transfer} event.
   */
  function _burn(uint256 tokenId) internal {
    address previousOwner = _update(address(0), tokenId, address(0));
    if (previousOwner == address(0)) {
      revert ERC721NonexistentToken(tokenId);
    }
  }

  /**
   * @dev Transfers `tokenId` from `from` to `to`.
   *  As opposed to {transferFrom}, this imposes no restrictions on msg.sender.
   *
   * Requirements:
   *
   * - `to` cannot be the zero address.
   * - `tokenId` token must be owned by `from`.
   *
   * Emits a {Transfer} event.
   */
  function _transfer(address from, address to, uint256 tokenId) internal {
    if (to == address(0)) {
      revert ERC721InvalidReceiver(address(0));
    }
    address previousOwner = _update(to, tokenId, address(0));
    if (previousOwner == address(0)) {
      revert ERC721NonexistentToken(tokenId);
    } else if (previousOwner != from) {
      revert ERC721IncorrectOwner(from, tokenId, previousOwner);
    }
  }

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`, checking that contract recipients
   * are aware of the ERC721 standard to prevent tokens from being forever locked.
   *
   * `data` is additional data, it has no specified format and it is sent in call to `to`.
   *
   * This internal function is like {safeTransferFrom} in the sense that it invokes
   * {IERC721Receiver-onERC721Received} on the receiver, and can be used to e.g.
   * implement alternative mechanisms to perform token transfer, such as signature-based.
   *
   * Requirements:
   *
   * - `tokenId` token must exist and be owned by `from`.
   * - `to` cannot be the zero address.
   * - `from` cannot be the zero address.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a
   * safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function _safeTransfer(address from, address to, uint256 tokenId) internal {
    _safeTransfer(from, to, tokenId, "");
  }

  /**
   * @dev Same as {xref-ERC721-_safeTransfer-address-address-uint256-}[`_safeTransfer`], with an additional `data`
   * parameter which is
   * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
   */
  function _safeTransfer(address from, address to, uint256 tokenId, bytes memory data) internal virtual {
    _transfer(from, to, tokenId);
    _checkOnERC721Received(from, to, tokenId, data);
  }

  /**
   * @dev Approve `to` to operate on `tokenId`
   *
   * The `auth` argument is optional. If the value passed is non 0, then this function will check that `auth` is
   * either the owner of the token, or approved to operate on all tokens held by this owner.
   *
   * Emits an {Approval} event.
   *
   * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
   */
  function _approve(address to, uint256 tokenId, address auth) internal {
    _approve(to, tokenId, auth, true);
  }

  /**
   * @dev Variant of `_approve` with an optional flag to enable or disable the {Approval} event. The event is not
   * emitted in the context of transfers.
   */
  function _approve(address to, uint256 tokenId, address auth, bool emitEvent) internal virtual {
    // Avoid reading the owner unless necessary
    if (emitEvent || auth != address(0)) {
      address owner = _requireOwned(tokenId);

      // We do not use _isAuthorized because single-token approvals should not be able to call approve
      if (auth != address(0) && owner != auth && !isApprovedForAll(owner, auth)) {
        revert ERC721InvalidApprover(auth);
      }

      if (emitEvent) {
        emit Approval(owner, to, tokenId);
      }
    }

    _tokenApprovals[tokenId] = to;
  }

  /**
   * @dev Approve `operator` to operate on all of `owner` tokens
   *
   * Requirements:
   * - operator can't be the address zero.
   *
   * Emits an {ApprovalForAll} event.
   */
  function _setApprovalForAll(address owner, address operator, bool approved) internal virtual {
    if (operator == address(0)) {
      revert ERC721InvalidOperator(operator);
    }
    _operatorApprovals[owner][operator] = approved;
    emit ApprovalForAll(owner, operator, approved);
  }

  /**
   * @dev Reverts if the `tokenId` doesn't have a current owner (it hasn't been minted, or it has been burned).
   * Returns the owner.
   *
   * Overrides to ownership logic should be done to {_ownerOf}.
   */
  function _requireOwned(uint256 tokenId) internal view returns (address) {
    address owner = _ownerOf(tokenId);
    if (owner == address(0)) {
      revert ERC721NonexistentToken(tokenId);
    }
    return owner;
  }

  /**
   * @dev Private function to invoke {IERC721Receiver-onERC721Received} on a target address. This will revert if the
   * recipient doesn't accept the token transfer. The call is not executed if the target address is not a contract.
   *
   * @param from address representing the previous owner of the given token ID
   * @param to target address that will receive the tokens
   * @param tokenId uint256 ID of the token to be transferred
   * @param data bytes optional data to send along with the call
   */
  function _checkOnERC721Received(address from, address to, uint256 tokenId, bytes memory data) private {
    if (to.code.length > 0) {
      try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (bytes4 retval) {
        if (retval != IERC721Receiver.onERC721Received.selector) {
          revert ERC721InvalidReceiver(to);
        }
      } catch (bytes memory reason) {
        if (reason.length == 0) {
          revert ERC721InvalidReceiver(to);
        } else {
          /// @solidity memory-safe-assembly
          assembly {
            revert(add(32, reason), mload(reason))
          }
        }
      }
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import { SD21x18 } from "./ValueType.sol";

/// @notice Thrown when trying to cast an SD21x18 number that doesn't fit in uint128.
error PRBMath_SD21x18_ToUint128_Underflow(SD21x18 x);

/// @notice Thrown when trying to cast an SD21x18 number that doesn't fit in UD60x18.
error PRBMath_SD21x18_ToUD60x18_Underflow(SD21x18 x);

/// @notice Thrown when trying to cast an SD21x18 number that doesn't fit in uint256.
error PRBMath_SD21x18_ToUint256_Underflow(SD21x18 x);

/// @notice Thrown when trying to cast an SD21x18 number that doesn't fit in uint40.
error PRBMath_SD21x18_ToUint40_Overflow(SD21x18 x);

/// @notice Thrown when trying to cast an SD21x18 number that doesn't fit in uint40.
error PRBMath_SD21x18_ToUint40_Underflow(SD21x18 x);

// SPDX-License-Identifier: LZBL-1.2

pragma solidity ^0.8.20;

import { CalldataBytesLib } from "../../libs/CalldataBytesLib.sol";

library ExecutorOptions {
  using CalldataBytesLib for bytes;

  uint8 internal constant WORKER_ID = 1;

  uint8 internal constant OPTION_TYPE_LZRECEIVE = 1;
  uint8 internal constant OPTION_TYPE_NATIVE_DROP = 2;
  uint8 internal constant OPTION_TYPE_LZCOMPOSE = 3;
  uint8 internal constant OPTION_TYPE_ORDERED_EXECUTION = 4;

  error Executor_InvalidLzReceiveOption();
  error Executor_InvalidNativeDropOption();
  error Executor_InvalidLzComposeOption();

  /// @dev decode the next executor option from the options starting from the specified cursor
  /// @param _options [executor_id][executor_option][executor_id][executor_option]...
  ///        executor_option = [option_size][option_type][option]
  ///        option_size = len(option_type) + len(option)
  ///        executor_id: uint8, option_size: uint16, option_type: uint8, option: bytes
  /// @param _cursor the cursor to start decoding from
  /// @return optionType the type of the option
  /// @return option the option of the executor
  /// @return cursor the cursor to start decoding the next executor option
  function nextExecutorOption(bytes calldata _options, uint256 _cursor)
    internal
    pure
    returns (uint8 optionType, bytes calldata option, uint256 cursor)
  {
    unchecked {
      // skip worker id
      cursor = _cursor + 1;

      // read option size
      uint16 size = _options.toU16(cursor);
      cursor += 2;

      // read option type
      optionType = _options.toU8(cursor);

      // startCursor and endCursor are used to slice the option from _options
      uint256 startCursor = cursor + 1; // skip option type
      uint256 endCursor = cursor + size;
      option = _options[startCursor:endCursor];
      cursor += size;
    }
  }

  function decodeLzReceiveOption(bytes calldata _option) internal pure returns (uint128 gas, uint128 value) {
    if (_option.length != 16 && _option.length != 32) revert Executor_InvalidLzReceiveOption();
    gas = _option.toU128(0);
    value = _option.length == 32 ? _option.toU128(16) : 0;
  }

  function decodeNativeDropOption(bytes calldata _option) internal pure returns (uint128 amount, bytes32 receiver) {
    if (_option.length != 48) revert Executor_InvalidNativeDropOption();
    amount = _option.toU128(0);
    receiver = _option.toB32(16);
  }

  function decodeLzComposeOption(bytes calldata _option)
    internal
    pure
    returns (uint16 index, uint128 gas, uint128 value)
  {
    if (_option.length != 18 && _option.length != 34) revert Executor_InvalidLzComposeOption();
    index = _option.toU16(0);
    gas = _option.toU128(2);
    value = _option.length == 34 ? _option.toU128(18) : 0;
  }

  function encodeLzReceiveOption(uint128 _gas, uint128 _value) internal pure returns (bytes memory) {
    return _value == 0 ? abi.encodePacked(_gas) : abi.encodePacked(_gas, _value);
  }

  function encodeNativeDropOption(uint128 _amount, bytes32 _receiver) internal pure returns (bytes memory) {
    return abi.encodePacked(_amount, _receiver);
  }

  function encodeLzComposeOption(uint16 _index, uint128 _gas, uint128 _value) internal pure returns (bytes memory) {
    return _value == 0 ? abi.encodePacked(_index, _gas) : abi.encodePacked(_index, _gas, _value);
  }
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.19;

import { wrap } from "./Casting.sol";
import { UD60x18 } from "./ValueType.sol";

/// @notice Implements the checked addition operation (+) in the UD60x18 type.
function add(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() + y.unwrap());
}

/// @notice Implements the AND (&) bitwise operation in the UD60x18 type.
function and(UD60x18 x, uint256 bits) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() & bits);
}

/// @notice Implements the AND (&) bitwise operation in the UD60x18 type.
function and2(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() & y.unwrap());
}

/// @notice Implements the equal operation (==) in the UD60x18 type.
function eq(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() == y.unwrap();
}

/// @notice Implements the greater than operation (>) in the UD60x18 type.
function gt(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() > y.unwrap();
}

/// @notice Implements the greater than or equal to operation (>=) in the UD60x18 type.
function gte(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() >= y.unwrap();
}

/// @notice Implements a zero comparison check function in the UD60x18 type.
function isZero(UD60x18 x) pure returns (bool result) {
  // This wouldn't work if x could be negative.
  result = x.unwrap() == 0;
}

/// @notice Implements the left shift operation (<<) in the UD60x18 type.
function lshift(UD60x18 x, uint256 bits) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() << bits);
}

/// @notice Implements the lower than operation (<) in the UD60x18 type.
function lt(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() < y.unwrap();
}

/// @notice Implements the lower than or equal to operation (<=) in the UD60x18 type.
function lte(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() <= y.unwrap();
}

/// @notice Implements the checked modulo operation (%) in the UD60x18 type.
function mod(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() % y.unwrap());
}

/// @notice Implements the not equal operation (!=) in the UD60x18 type.
function neq(UD60x18 x, UD60x18 y) pure returns (bool result) {
  result = x.unwrap() != y.unwrap();
}

/// @notice Implements the NOT (~) bitwise operation in the UD60x18 type.
function not(UD60x18 x) pure returns (UD60x18 result) {
  result = wrap(~x.unwrap());
}

/// @notice Implements the OR (|) bitwise operation in the UD60x18 type.
function or(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() | y.unwrap());
}

/// @notice Implements the right shift operation (>>) in the UD60x18 type.
function rshift(UD60x18 x, uint256 bits) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() >> bits);
}

/// @notice Implements the checked subtraction operation (-) in the UD60x18 type.
function sub(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() - y.unwrap());
}

/// @notice Implements the unchecked addition operation (+) in the UD60x18 type.
function uncheckedAdd(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  unchecked {
    result = wrap(x.unwrap() + y.unwrap());
  }
}

/// @notice Implements the unchecked subtraction operation (-) in the UD60x18 type.
function uncheckedSub(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  unchecked {
    result = wrap(x.unwrap() - y.unwrap());
  }
}

/// @notice Implements the XOR (^) bitwise operation in the UD60x18 type.
function xor(UD60x18 x, UD60x18 y) pure returns (UD60x18 result) {
  result = wrap(x.unwrap() ^ y.unwrap());
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.25;

interface HeroOFTErrors {
  error GasLimitCannotBeZero();
  error SlippageExceeded(uint256 amountLD, uint256 minAmountLD);
  error ConversionOutOfBounds();
}

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

import { IHeroOFTX } from "./IHeroOFTX.sol";
import { HeroOFTXCallbacks } from "./HeroOFTXCallbacks.sol";
import { HeroOFTErrors } from "./HeroOFTErrors.sol";

import { OApp, MessagingFee, MessagingReceipt, Origin } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/OApp.sol";
import { OptionsBuilder } from "@layerzerolabs/lz-evm-oapp-v2/contracts/oapp/libs/OptionsBuilder.sol";

/**
 * @title HeroOFTX
 * @notice Base OFT LZv2 with TickerOperation support
 */
abstract contract HeroOFTX is IHeroOFTX, HeroOFTXCallbacks, OApp, HeroOFTErrors {
  using OptionsBuilder for bytes;

  uint32 public lzGasLimit;
  bytes public defaultLzOption;

  constructor(uint32 _lzGasLimit) {
    _updateLayerZeroGasLimit(_lzGasLimit);
  }

  function send(uint32 _dstEid, address _to, uint256 _amountIn, uint256 _minAmountOut)
    external
    payable
    returns (MessagingReceipt memory msgReceipt)
  {
    bytes memory option = defaultLzOption;
    uint256 amountOrIdReceiving = _debit(_amountIn, _minAmountOut);

    if (amountOrIdReceiving < _minAmountOut) {
      revert SlippageExceeded(amountOrIdReceiving, _minAmountOut);
    }

    bytes memory payload = _generateMessage(_to, amountOrIdReceiving);
    MessagingFee memory fee = _estimateFee(_dstEid, payload, option);

    msgReceipt = _lzSend(_dstEid, payload, option, fee, payable(msg.sender));

    emit OFTSent(msgReceipt.guid, _dstEid, msg.sender, amountOrIdReceiving);

    return msgReceipt;
  }

  function _lzReceive(
    Origin calldata _origin,
    bytes32 _guid,
    bytes calldata _message,
    address, /*_executor*/ // @dev unused in the default implementation.
    bytes calldata /*_extraData*/ // @dev unused in the default implementation.
  ) internal virtual override {
    (address to, uint64 idOrAmount) = abi.decode(_message, (address, uint64));
    uint256 amountReceivedLD = _credit(to, _toLocalDecimals(idOrAmount), false);

    emit OFTReceived(_guid, _origin.srcEid, to, amountReceivedLD);
  }

  /**
   * @notice _toLocalDecimals Scale back to local chain decimals
   * @param _value Value from the message
   * @dev This function must be overridden by ERCs that handle high balances
   * @dev For ERC721, this won't be an issue since there are no collections that reach uint64.max
   * @dev Refer to BaseERC20.sol for more details.
   */
  function _toLocalDecimals(uint64 _value) internal view virtual returns (uint256) {
    return _value;
  }

  function estimateFee(uint32 _dstEid, address _to, uint256 _tokenId) external view returns (uint256) {
    return _estimateFee(_dstEid, _generateMessage(_to, _tokenId), defaultLzOption).nativeFee;
  }

  function _generateMessage(address _to, uint256 _amountOrId) internal view virtual returns (bytes memory) {
    return abi.encode(_to, _toSharedDecimals(_amountOrId));
  }

  function _estimateFee(uint32 _dstEid, bytes memory _message, bytes memory _options)
    internal
    view
    returns (MessagingFee memory fee_)
  {
    return _quote(_dstEid, _message, _options, false);
  }

  /**
   * @notice _toSharedDecimals Scale back to share chain decimals, some chains only support 6 decimals
   * @param _value Amount sending to another chain
   * @dev This function must be overridden by ERCs that handle high balances
   * @dev For ERC721, this won't be an issue since there are no collections that reach uint64.max
   * @dev Refer to BaseERC20.sol for more details.
   */
  function _toSharedDecimals(uint256 _value) internal view virtual returns (uint64) {
    if (_value > type(uint64).max) revert ConversionOutOfBounds();

    return uint64(_value);
  }

  /**
   * @notice updateLayerZeroGasLimit Set a new gas limit for LZ
   * @param _lzGasLimit gas limit of a LZ Message execution
   */
  function updateLayerZeroGasLimit(uint32 _lzGasLimit) external virtual onlyOwner {
    _updateLayerZeroGasLimit(_lzGasLimit);
  }

  function _updateLayerZeroGasLimit(uint32 _lzGasLimit) internal virtual {
    if (_lzGasLimit == 0) revert GasLimitCannotBeZero();

    lzGasLimit = _lzGasLimit;
    defaultLzOption = OptionsBuilder.newOptions().addExecutorLzReceiveOption(lzGasLimit, 0);
  }
}

// SPDX-License-Identifier: MIT

pragma solidity ^0.8.0;

abstract contract HeroOFTXCallbacks {
  function _debit(uint256 _amountOrId, uint256 _minAmount) internal virtual returns (uint256 _amountSendingOrId_);
  function _credit(address _to, uint256 _value, bool _isFrozen) internal virtual returns (uint256 amountReceived_);
}

// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity >=0.8.19;

/// @title IAdminable
/// @notice Contract module that provides a basic access control mechanism, with an admin that can be
/// granted exclusive access to specific functions. The inheriting contract must set the initial admin
/// in the constructor.
interface IAdminable {
  /*//////////////////////////////////////////////////////////////////////////
                                       EVENTS
    //////////////////////////////////////////////////////////////////////////*/

  /// @notice Emitted when the admin is transferred.
  /// @param oldAdmin The address of the old admin.
  /// @param newAdmin The address of the new admin.
  event TransferAdmin(address indexed oldAdmin, address indexed newAdmin);

  /*//////////////////////////////////////////////////////////////////////////
                                 CONSTANT FUNCTIONS
    //////////////////////////////////////////////////////////////////////////*/

  /// @notice The address of the admin account or contract.
  function admin() external view returns (address);

  /*//////////////////////////////////////////////////////////////////////////
                               NON-CONSTANT FUNCTIONS
    //////////////////////////////////////////////////////////////////////////*/

  /// @notice Transfers the contract admin to a new address.
  ///
  /// @dev Notes:
  /// - Does not revert if the admin is the same.
  /// - This function can potentially leave the contract without an admin, thereby removing any
  /// functionality that is only available to the admin.
  ///
  /// Requirements:
  /// - `msg.sender` must be the contract admin.
  ///
  /// @param newAdmin The address of the new admin.
  function transferAdmin(address newAdmin) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/introspection/IERC165.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
  /**
   * @dev Returns true if this contract implements the interface defined by
   * `interfaceId`. See the corresponding
   * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
   * to learn more about how these ids are created.
   *
   * This function call must use less than 30 000 gas.
   */
  function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
  /**
   * @dev Emitted when `value` tokens are moved from one account (`from`) to
   * another (`to`).
   *
   * Note that `value` may be zero.
   */
  event Transfer(address indexed from, address indexed to, uint256 value);

  /**
   * @dev Emitted when the allowance of a `spender` for an `owner` is set by
   * a call to {approve}. `value` is the new allowance.
   */
  event Approval(address indexed owner, address indexed spender, uint256 value);

  /**
   * @dev Returns the value of tokens in existence.
   */
  function totalSupply() external view returns (uint256);

  /**
   * @dev Returns the value of tokens owned by `account`.
   */
  function balanceOf(address account) external view returns (uint256);

  /**
   * @dev Moves a `value` amount of tokens from the caller's account to `to`.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transfer(address to, uint256 value) external returns (bool);

  /**
   * @dev Returns the remaining number of tokens that `spender` will be
   * allowed to spend on behalf of `owner` through {transferFrom}. This is
   * zero by default.
   *
   * This value changes when {approve} or {transferFrom} are called.
   */
  function allowance(address owner, address spender) external view returns (uint256);

  /**
   * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
   * caller's tokens.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * IMPORTANT: Beware that changing an allowance with this method brings the risk
   * that someone may use both the old and the new allowance by unfortunate
   * transaction ordering. One possible solution to mitigate this race
   * condition is to first reduce the spender's allowance to 0 and set the
   * desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   *
   * Emits an {Approval} event.
   */
  function approve(address spender, uint256 value) external returns (bool);

  /**
   * @dev Moves a `value` amount of tokens from `from` to `to` using the
   * allowance mechanism. `value` is then deducted from the caller's
   * allowance.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Metadata.sol)

pragma solidity ^0.8.20;

import { IERC20 } from "../IERC20.sol";

/**
 * @dev Interface for the optional metadata functions from the ERC20 standard.
 */
interface IERC20Metadata is IERC20 {
  /**
   * @dev Returns the name of the token.
   */
  function name() external view returns (string memory);

  /**
   * @dev Returns the symbol of the token.
   */
  function symbol() external view returns (string memory);

  /**
   * @dev Returns the decimals places of the token.
   */
  function decimals() external view returns (uint8);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/extensions/IERC20Permit.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
 * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
 *
 * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
 * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
 * need to send a transaction, and thus is not required to hold Ether at all.
 *
 * ==== Security Considerations
 *
 * There are two important considerations concerning the use of `permit`. The first is that a valid permit signature
 * expresses an allowance, and it should not be assumed to convey additional meaning. In particular, it should not be
 * considered as an intention to spend the allowance in any specific way. The second is that because permits have
 * built-in replay protection and can be submitted by anyone, they can be frontrun. A protocol that uses permits should
 * take this into consideration and allow a `permit` call to fail. Combining these two aspects, a pattern that may be
 * generally recommended is:
 *
 * ```solidity
 * function doThingWithPermit(..., uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) public {
 *     try token.permit(msg.sender, address(this), value, deadline, v, r, s) {} catch {}
 *     doThing(..., value);
 * }
 *
 * function doThing(..., uint256 value) public {
 *     token.safeTransferFrom(msg.sender, address(this), value);
 *     ...
 * }
 * ```
 *
 * Observe that: 1) `msg.sender` is used as the owner, leaving no ambiguity as to the signer intent, and 2) the use of
 * `try/catch` allows the permit to fail and makes the code tolerant to frontrunning. (See also
 * {SafeERC20-safeTransferFrom}).
 *
 * Additionally, note that smart contract wallets (such as Argent or Safe) are not able to produce permit signatures, so
 * contracts should have entry points that don't rely on permit.
 */
interface IERC20Permit {
  /**
   * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
   * given ``owner``'s signed approval.
   *
   * IMPORTANT: The same issues {IERC20-approve} has related to transaction
   * ordering also apply here.
   *
   * Emits an {Approval} event.
   *
   * Requirements:
   *
   * - `spender` cannot be the zero address.
   * - `deadline` must be a timestamp in the future.
   * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
   * over the EIP712-formatted function arguments.
   * - the signature must use ``owner``'s current nonce (see {nonces}).
   *
   * For more information on the signature format, see the
   * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
   * section].
   *
   * CAUTION: See Security Considerations above.
   */
  function permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
    external;

  /**
   * @dev Returns the current nonce for `owner`. This value must be
   * included whenever a signature is generated for {permit}.
   *
   * Every successful call to {permit} increases ``owner``'s nonce by one. This
   * prevents a signature from being used multiple times.
   */
  function nonces(address owner) external view returns (uint256);

  /**
   * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
   */
  // solhint-disable-next-line func-name-mixedcase
  function DOMAIN_SEPARATOR() external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721.sol)

pragma solidity ^0.8.20;

import { IERC165 } from "../../utils/introspection/IERC165.sol";

/**
 * @dev Required interface of an ERC721 compliant contract.
 */
interface IERC721 is IERC165 {
  /**
   * @dev Emitted when `tokenId` token is transferred from `from` to `to`.
   */
  event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

  /**
   * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
   */
  event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);

  /**
   * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
   */
  event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

  /**
   * @dev Returns the number of tokens in ``owner``'s account.
   */
  function balanceOf(address owner) external view returns (uint256 balance);

  /**
   * @dev Returns the owner of the `tokenId` token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   */
  function ownerOf(uint256 tokenId) external view returns (address owner);

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must exist and be owned by `from`.
   * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
   *   a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId, bytes calldata data) external;

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
   * are aware of the ERC721 protocol to prevent tokens from being forever locked.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must exist and be owned by `from`.
   * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or
   *   {setApprovalForAll}.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon
   *   a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId) external;

  /**
   * @dev Transfers `tokenId` token from `from` to `to`.
   *
   * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
   * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
   * understand this adds an external call which potentially creates a reentrancy vulnerability.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must be owned by `from`.
   * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
   *
   * Emits a {Transfer} event.
   */
  function transferFrom(address from, address to, uint256 tokenId) external;

  /**
   * @dev Gives permission to `to` to transfer `tokenId` token to another account.
   * The approval is cleared when the token is transferred.
   *
   * Only a single account can be approved at a time, so approving the zero address clears previous approvals.
   *
   * Requirements:
   *
   * - The caller must own the token or be an approved operator.
   * - `tokenId` must exist.
   *
   * Emits an {Approval} event.
   */
  function approve(address to, uint256 tokenId) external;

  /**
   * @dev Approve or remove `operator` as an operator for the caller.
   * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
   *
   * Requirements:
   *
   * - The `operator` cannot be the address zero.
   *
   * Emits an {ApprovalForAll} event.
   */
  function setApprovalForAll(address operator, bool approved) external;

  /**
   * @dev Returns the account approved for `tokenId` token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   */
  function getApproved(uint256 tokenId) external view returns (address operator);

  /**
   * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
   *
   * See {setApprovalForAll}
   */
  function isApprovedForAll(address owner, address operator) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/extensions/IERC721Metadata.sol)

pragma solidity ^0.8.20;

import { IERC721 } from "../IERC721.sol";

/**
 * @title ERC-721 Non-Fungible Token Standard, optional metadata extension
 * @dev See https://eips.ethereum.org/EIPS/eip-721
 */
interface IERC721Metadata is IERC721 {
  /**
   * @dev Returns the token collection name.
   */
  function name() external view returns (string memory);

  /**
   * @dev Returns the token collection symbol.
   */
  function symbol() external view returns (string memory);

  /**
   * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
   */
  function tokenURI(uint256 tokenId) external view returns (string memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC721/IERC721Receiver.sol)

pragma solidity ^0.8.20;

/**
 * @title ERC721 token receiver interface
 * @dev Interface for any contract that wants to support safeTransfers
 * from ERC721 asset contracts.
 */
interface IERC721Receiver {
  /**
   * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
   * by `operator` from `from`, this function is called.
   *
   * It must return its Solidity selector to confirm the token transfer.
   * If any other value is returned or the interface is not implemented by the recipient, the transfer will be
   * reverted.
   *
   * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
   */
  function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
    external
    returns (bytes4);
}

// SPDX-License-Identifier: MIT
pragma solidity >= 0.8.0;

interface IHeroOFTX {
  event OFTSent(bytes32 indexed guid, uint32 indexed destinationEndpointId, address indexed to, uint256 amountOrId);
  event OFTReceived(bytes32 indexed guid, uint32 indexed sourceEndpointId, address indexed to, uint256 amountOrId);

  /**
   * @notice Estimate Cross-chain fee
   * @param _dstEid Destination LZ Endpoint ID
   * @param _to Receiver of the asset
   * @param _tokenIdOrAmount NFT ID or Amount of the Token sending
   */
  function estimateFee(uint32 _dstEid, address _to, uint256 _tokenIdOrAmount) external view returns (uint256);
}

// SPDX-License-Identifier: MIT
pragma solidity >=0.8.0;

import { LockupLinear } from "@sablier/v2-core/src/types/DataTypes.sol";

interface IIcedrop {
  error NotSupported();
  error Misconfiguration();
  error IcedropAlreadyStarted();
  error AlreadyCalledIcedrop();
  error NotKeyOwner();
  error IcedropNotStarted();
  error NotEnoughToGamble();
  error RemoveMsgValueIfNotGambling();
  error NotRandomizerAI();
  error GamblingAlreadyExecuted();
  error InsufficientFeeCost();
  error MaxRetryReached();
  error GamblingDealAccepted();
  error GamblingNotExecuted();
  error NotEnoughTokenInContract();
  error KeyIsNotSoldOut();
  error FailedToSendETH();

  event GamblingRequestSent(bytes32 indexed keyHash, uint256 indexed randomizerRequestId);
  event GamblingRequestReceived(uint256 indexed randomizerRequestId, bytes32 value);
  event IcedropStarted(address indexed genesisKey, address indexed output, uint256 allowedAmount);
  event IcedropCalled(address indexed user, address indexed genesisKey, uint256 indexed keyId, bytes32 keyHash);
  event StreamStarted(address indexed caller, bytes32 indexed keyHash, uint256 indexed streamId);
  event GamblingCostUpdated(uint256 cost);
  event TreasuryUpdated(address treasury);
  event SupportedTokenUpdated(address indexed genesisKey, SupportedTokenData supportedTokenData);

  struct SupportedTokenData {
    address genesisKey;
    address output;
    uint128 maxOutputToken;
    bool started;
  }

  struct GamblingData {
    LockupLinear.CreateWithDurations streamParams;
    bytes32 keyHash;
    uint256 seed;
    address caller;
    bool executed;
    bool retried;
    bool accepted;
  }

  struct StreamingData {
    uint256 streamId;
    uint128 amount;
    uint32 start;
    uint32 end;
  }

  /**
   * @notice Start the Icedrop of a genesis key
   * @param _key Genesis Key
   * @dev Genesis Key needs to be fully sold out
   */
  function initializeIcedrop(address _key) external;

  /**
   * @notice Start your Vesting of your Icedrop
   * @param _key Genesis Key
   * @param _id  Genesis NFT Key ID
   * @param _gambling use gambling option, in which the linear duration will be randomized betwee 1 to MAX_DURATION
   * @dev `_gambling` is not free and requires to paid the RandomizerAI fee & `gamblingCost`
   */
  function startVesting(address _key, uint256 _id, bool _gambling) external payable;

  /**
   * @notice Accept the gambling result
   * @param _keyHash keccak256(abi.encode(GenesisKey, NFT Id))
   */
  function acceptGamblingResult(bytes32 _keyHash) external;

  /**
   * @notice Retry the gambling one more time at the same cost
   * @param _keyHash keccak256(abi.encode(GenesisKey, NFT Id))
   * @dev can only retry once
   */
  function retryGambling(bytes32 _keyHash) external payable;

  /**
   * @notice Get gambling request data
   * @param _randomizerIdRequest ID of the request on RandomizerAI
   */
  function getGamblingRequest(uint256 _randomizerIdRequest) external view returns (GamblingData memory);

  /**
   * @notice Get Gambling Month result
   * @param _keyHash keccak256(abi.encode(GenesisKey, NFT Id))
   * @dev Revert if the gambling request is missing or not done
   */
  function getGamblingWeekResult(bytes32 _keyHash) external view returns (uint256);

  /**
   * @notice get supported token metadata
   * @param _genesisKey Genesis Key Address
   */
  function getGenesisKeySupport(address _genesisKey) external view returns (SupportedTokenData memory);

  /**
   * @notice Get streaming data
   * @param _keyHash keccak256(abi.encode(GenesisKey, NFT Id))
   */
  function getKeyStreamingData(bytes32 _keyHash) external view returns (StreamingData memory);
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { IMessageLibManager } from "./IMessageLibManager.sol";
import { IMessagingComposer } from "./IMessagingComposer.sol";
import { IMessagingChannel } from "./IMessagingChannel.sol";
import { IMessagingContext } from "./IMessagingContext.sol";

struct MessagingParams {
  uint32 dstEid;
  bytes32 receiver;
  bytes message;
  bytes options;
  bool payInLzToken;
}

struct MessagingReceipt {
  bytes32 guid;
  uint64 nonce;
  MessagingFee fee;
}

struct MessagingFee {
  uint256 nativeFee;
  uint256 lzTokenFee;
}

struct Origin {
  uint32 srcEid;
  bytes32 sender;
  uint64 nonce;
}

interface ILayerZeroEndpointV2 is IMessageLibManager, IMessagingComposer, IMessagingChannel, IMessagingContext {
  event PacketSent(bytes encodedPayload, bytes options, address sendLibrary);

  event PacketVerified(Origin origin, address receiver, bytes32 payloadHash);

  event PacketDelivered(Origin origin, address receiver);

  event LzReceiveAlert(
    address indexed receiver,
    address indexed executor,
    Origin origin,
    bytes32 guid,
    uint256 gas,
    uint256 value,
    bytes message,
    bytes extraData,
    bytes reason
  );

  event LzTokenSet(address token);

  event DelegateSet(address sender, address delegate);

  function quote(MessagingParams calldata _params, address _sender) external view returns (MessagingFee memory);

  function send(MessagingParams calldata _params, address _refundAddress)
    external
    payable
    returns (MessagingReceipt memory);

  function verify(Origin calldata _origin, address _receiver, bytes32 _payloadHash) external;

  function verifiable(Origin calldata _origin, address _receiver) external view returns (bool);

  function initializable(Origin calldata _origin, address _receiver) external view returns (bool);

  function lzReceive(
    Origin calldata _origin,
    address _receiver,
    bytes32 _guid,
    bytes calldata _message,
    bytes calldata _extraData
  ) external payable;

  // oapp can burn messages partially by calling this function with its own business logic if messages are verified in
  // order
  function clear(address _oapp, Origin calldata _origin, bytes32 _guid, bytes calldata _message) external;

  function setLzToken(address _lzToken) external;

  function lzToken() external view returns (address);

  function nativeToken() external view returns (address);

  function setDelegate(address _delegate) external;
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

import { Origin } from "./ILayerZeroEndpointV2.sol";

interface ILayerZeroReceiver {
  function allowInitializePath(Origin calldata _origin) external view returns (bool);

  function nextNonce(uint32 _eid, bytes32 _sender) external view returns (uint64);

  function lzReceive(
    Origin calldata _origin,
    bytes32 _guid,
    bytes calldata _message,
    address _executor,
    bytes calldata _extraData
  ) external payable;
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.8.0;

struct SetConfigParam {
  uint32 eid;
  uint32 configType;
  bytes config;
}

interface IMessageLibManager {
  struct Timeout {
    address lib;
    uint256 expiry;
  }

  event LibraryRegistered(address newLib);
  event DefaultSendLibrarySet(uint32 eid, address newLib);
  event DefaultReceiveLibrarySet(uint32 eid, address newLib);
  event DefaultReceiveLibraryTimeoutSet(uint32 eid, address oldLib, uint256 expiry);
  event SendLibrarySet(address sender, uint32 eid, address newLib);
  event ReceiveLibrarySet(address receiver, uint32 eid, address newLib);
  event ReceiveLibraryTimeoutSet(address receiver, uint32 eid, address oldLib, uint256 timeout);

  function registerLibrary(address _lib) external;

  function isRegisteredLibrary(address _lib) external view returns (bool);

  function getRegisteredLibraries() external view returns (address[] memory);

  function setDefaultSendLibrary(uint32 _eid, address _newLib) external;

  function defaultSendLibrary(uint32 _eid) external view returns (address);

  function setDefaultReceiveLibrary(uint32 _eid, address _newLib, uint256 _timeout) external;

  function defaultReceiveLibrary(uint32 _eid) external view returns (address);

  function setDefaultReceiveLibraryTimeout(uint32 _eid, address _lib, uint256 _expiry) external;

  function defaultReceiveLibraryTimeout(uint32 _eid) external view returns (address lib, uint256 expiry);

  function isSupportedEid(uint32 _eid) external view returns (bool);

  function isValidReceiveLibrary(address _receiver, uint32 _eid, address _lib) external view returns (bool);

  /// ------------------- OApp interfaces -------------------
  function setSendLibrary(address _oapp, uint32 _eid, address _newLib) external;

  function getSendLibrary(address _sender, uint32 _eid) external view returns (address lib);

  function isDefaultSendLibrary(address _sender, uint32 _eid) external view returns (bool);

  function setReceiveLibrary(address _oapp, uint32 _eid, address _newLib, uint256 _gracePeriod) external;

  function getReceiveLibrary(address _receiver, uint32 _eid) external view returns (address lib, bool isDefault);

  function setReceiveLibraryTimeout(address _oapp, uint32 _eid, address _lib, uint256 _gracePeriod) external;

  function receiveLibraryTimeout(address _receiver, uint32 _eid) external view returns (address lib, uint256 expiry);

  function setConfig(address _oapp, address _lib, SetConfigParam[] calldata _params) external;

  function getConfig(address _oapp, address _lib, uint32 _eid, uint32 _configType)
    external
    view
    returns (bytes memory config);
}