// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Address.sol)

pragma solidity ^0.8.20;

import {Errors} from "./Errors.sol";

/**
 * @dev Collection of functions related to the address type
 */
library Address {
  /**
   * @dev There's no code at `target` (it is not a contract).
   */
  error AddressEmptyCode(address target);

  /**
   * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
   * `recipient`, forwarding all available gas and reverting on errors.
   *
   * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
   * of certain opcodes, possibly making contracts go over the 2300 gas limit
   * imposed by `transfer`, making them unable to receive funds via
   * `transfer`. {sendValue} removes this limitation.
   *
   * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
   *
   * IMPORTANT: because control is transferred to `recipient`, care must be
   * taken to not create reentrancy vulnerabilities. Consider using
   * {ReentrancyGuard} or the
   * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions
   * pattern].
   */
  function sendValue(address payable recipient, uint256 amount) internal {
    if (address(this).balance < amount) {
      revert Errors.InsufficientBalance(address(this).balance, amount);
    }

    (bool success,) = recipient.call{value: amount}("");
    if (!success) {
      revert Errors.FailedCall();
    }
  }

  /**
   * @dev Performs a Solidity function call using a low level `call`. A
   * plain `call` is an unsafe replacement for a function call: use this
   * function instead.
   *
   * If `target` reverts with a revert reason or custom error, it is bubbled
   * up by this function (like regular Solidity function calls). However, if
   * the call reverted with no returned reason, this function reverts with a
   * {Errors.FailedCall} error.
   *
   * Returns the raw returned data. To convert to the expected return value,
   * use
   * https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
   *
   * Requirements:
   *
   * - `target` must be a contract.
   * - calling `target` with `data` must not revert.
   */
  function functionCall(address target, bytes memory data) internal returns (bytes memory) {
    return functionCallWithValue(target, data, 0);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but also transferring `value` wei to `target`.
   *
   * Requirements:
   *
   * - the calling contract must have an ETH balance of at least `value`.
   * - the called Solidity function must be `payable`.
   */
  function functionCallWithValue(
    address target,
    bytes memory data,
    uint256 value
  ) internal returns (bytes memory) {
    if (address(this).balance < value) {
      revert Errors.InsufficientBalance(address(this).balance, value);
    }
    (bool success, bytes memory returndata) = target.call{value: value}(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a static call.
   */
  function functionStaticCall(
    address target,
    bytes memory data
  ) internal view returns (bytes memory) {
    (bool success, bytes memory returndata) = target.staticcall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a delegate call.
   */
  function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
    (bool success, bytes memory returndata) = target.delegatecall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the
   * target
   * was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in
   * case
   * of an unsuccessful call.
   */
  function verifyCallResultFromTarget(
    address target,
    bool success,
    bytes memory returndata
  ) internal view returns (bytes memory) {
    if (!success) {
      _revert(returndata);
    } else {
      // only check if target is a contract if the call was successful and the return data is empty
      // otherwise we already know that it was a contract
      if (returndata.length == 0 && target.code.length == 0) {
        revert AddressEmptyCode(target);
      }
      return returndata;
    }
  }

  /**
   * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by
   * bubbling the
   * revert reason or with a default {Errors.FailedCall} error.
   */
  function verifyCallResult(
    bool success,
    bytes memory returndata
  ) internal pure returns (bytes memory) {
    if (!success) {
      _revert(returndata);
    } else {
      return returndata;
    }
  }

  /**
   * @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
   */
  function _revert(
    bytes memory returndata
  ) private pure {
    // Look for revert reason and bubble it up if present
    if (returndata.length > 0) {
      // The easiest way to bubble the revert reason is using memory via assembly
      assembly ("memory-safe") {
        let returndata_size := mload(returndata)
        revert(add(32, returndata), returndata_size)
      }
    } else {
      revert Errors.FailedCall();
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity 0.8.26;

import {IBUILDClaimSeason0} from "./interfaces/IBUILDClaimSeason0.sol";
import {ITypeAndVersion} from "chainlink/contracts/src/v0.8/shared/interfaces/ITypeAndVersion.sol";

import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {MerkleProof} from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";

contract BUILDClaimSeason0 is IBUILDClaimSeason0, ITypeAndVersion, Pausable {
  using SafeERC20 for IERC20;

  /// @inheritdoc ITypeAndVersion
  string public constant typeAndVersion = "BUILDClaimSeason0 1.0.0";

  /// @notice The ID for the project admin role
  /// @dev Hash: 0x52eafc11f6f81f86878bffd31109a0d92f37506527754f00788853ff9f63b130
  bytes32 public constant PROJECT_ADMIN_ROLE = keccak256("PROJECT_ADMIN_ROLE");

  /// @notice The ID for the project approver role
  /// @dev Hash: 0x2994bd4882683bca108c813a4379f82de215a9fa2c66048fbe6e80d8137bba5f
  bytes32 public constant PROJECT_APPROVER_ROLE = keccak256("PROJECT_APPROVER_ROLE");

  /// @notice The amount of tokens claimed by each user
  mapping(address user => uint256 claimed) private s_claimedAmounts;

  /// @notice The accepted season 0 config for the project
  ProjectSeasonConfig private s_config;

  /// @notice The proposed season 0 config for the project
  ProjectSeasonConfig private s_proposedConfig;

  /// @notice The mapping from roles (PROJECT_ADMIN_ROLE, PROJECT_APPROVER_ROLE) to their respective
  /// owners
  mapping(bytes32 role => address holder) private s_roleHolder;

  /// @notice The mapping from roles (PROJECT_ADMIN_ROLE, PROJECT_APPROVER_ROLE) to their respective
  /// pending owners
  /// @dev pending owners can accept the role transfer and become the new owner
  mapping(bytes32 role => address pendingHolder) private s_pendingRoleHolder;

  /// @notice The project token
  IERC20 private immutable i_token;

  // ================================================================
  // |                       Initialization                         |
  // ================================================================

  /// @notice constructor
  /// @param token The project token
  /// @param approver The project approver
  /// @param config The initial config for the project's season 0
  constructor(address token, address approver, ProjectSeasonConfig memory config) {
    if (token == address(0) || approver == address(0)) {
      revert InvalidZeroAddress();
    }

    _validateConfig(config);

    i_token = IERC20(token);
    s_roleHolder[PROJECT_ADMIN_ROLE] = msg.sender;
    s_pendingRoleHolder[PROJECT_APPROVER_ROLE] = approver;
    s_proposedConfig = config;

    emit RoleTransferred(PROJECT_ADMIN_ROLE, address(0), msg.sender);
    emit RoleTransferProposed(PROJECT_APPROVER_ROLE, address(0), approver);
    emit ProjectSeasonConfigProposed(config);
  }

  /// @notice Project admin can propose new configs
  /// @dev Overwrites if there's already a proposed config
  /// @param config The proposed config
  function proposeConfig(
    ProjectSeasonConfig calldata config
  ) external onlyRole(PROJECT_ADMIN_ROLE) {
    _validateConfig(config);

    s_proposedConfig = config;

    emit ProjectSeasonConfigProposed(config);
  }

  /// @notice Project approvers can approve the proposed configs and put them into effect
  /// @dev Reverts if the proposed config is not the expected config (i.e. the hashes don't match)
  /// @dev Reverts if no token has been deposited yet
  /// @param configDigest The hash of the config to be accepted
  function acceptConfig(
    bytes32 configDigest
  ) external onlyRole(PROJECT_APPROVER_ROLE) {
    if (configDigest == bytes32(0)) {
      revert InvalidConfigDigest();
    }

    if (i_token.balanceOf(address(this)) == 0) {
      revert ZeroTokenDeposited();
    }

    ProjectSeasonConfig memory proposedConfig = s_proposedConfig;
    bytes32 proposedConfigDigest = keccak256(abi.encode(proposedConfig));
    if (proposedConfigDigest != configDigest) {
      revert ConfigDigestMismatch(proposedConfigDigest, configDigest);
    }

    // make sure we're not accepting empty values
    _validateConfig(proposedConfig);

    s_config = proposedConfig;
    delete s_proposedConfig;

    emit ProjectSeasonConfigUpdated(
      address(i_token),
      0, // season 0
      proposedConfig
    );
  }

  /// @inheritdoc IBUILDClaimSeason0
  function getToken() external view returns (IERC20) {
    return i_token;
  }

  /// @notice Returns the proposed config, including the withdrawal recipient, claim end date, and
  /// the merkle root.
  /// @return The proposed config
  function getProposedConfig() external view returns (ProjectSeasonConfig memory) {
    return s_proposedConfig;
  }

  /// @notice Returns the accepted config, including the withdrawal recipient, claim end date, and
  /// the merkle root.
  /// @return The accepted config
  function getConfig() external view returns (ProjectSeasonConfig memory) {
    return s_config;
  }

  /// @notice Util function for validating the proposed config
  /// @dev Reverts if one of the fields in the config is invalid
  /// @dev claimEndsAt < curr timestamp is the mechanism for ending the claim period
  /// @param config The proposed config
  function _validateConfig(
    ProjectSeasonConfig memory config
  ) private pure {
    if (config.merkleRoot == bytes32(0)) {
      revert InvalidMerkleRoot();
    }
    if (config.withdrawalRecipient == address(0)) {
      revert InvalidZeroAddress();
    }
  }

  // ================================================================
  // |                        Token Deposits                        |
  // ================================================================

  /// @inheritdoc IBUILDClaimSeason0
  /// @dev can be done when claim period active or not.
  function deposit(
    uint256 amount
  ) external onlyRole(PROJECT_ADMIN_ROLE) {
    if (amount == 0) {
      revert InvalidTokenAmount();
    }

    i_token.safeTransferFrom(msg.sender, address(this), amount);

    emit Deposited(address(i_token), msg.sender, amount);
  }

  // ================================================================
  // |                       Token Withdrawals                      |
  // ================================================================

  /// @inheritdoc IBUILDClaimSeason0
  function withdraw() external onlyRole(PROJECT_ADMIN_ROLE) {
    if (s_config.withdrawalRecipient == address(0)) {
      revert UnsetConfig();
    }
    if (isClaimActive()) {
      revert CannotWithdrawWhileClaimIsActive();
    }

    uint256 amount = i_token.balanceOf(address(this));
    if (amount == 0) {
      revert ZeroTokenBalance();
    }
    address recipient = s_config.withdrawalRecipient;

    i_token.safeTransfer(recipient, amount);

    emit Withdrawn(address(i_token), recipient, amount);
  }

  // ================================================================
  // |                         Token Claims                         |
  // ================================================================

  /// @inheritdoc IBUILDClaimSeason0
  function claim(address user, ClaimParams[] calldata params) external whenNotPaused {
    if (!isClaimActive()) {
      revert EnforcedClaimPeriodActive();
    }
    if (params.length > 1) {
      revert InvalidClaimParamsLength();
    }

    _claim(user, params[0]); // will only have one season: s0
  }

  /// @inheritdoc IBUILDClaimSeason0
  function getClaimedAmounts(
    UserSeasonId[] calldata usersAndSeasonIds
  ) external view returns (uint256[] memory) {
    uint256[] memory amounts = new uint256[](usersAndSeasonIds.length);
    for (uint256 i; i < usersAndSeasonIds.length; ++i) {
      amounts[i] = s_claimedAmounts[usersAndSeasonIds[i].user];
    }
    return amounts;
  }

  /// @inheritdoc IBUILDClaimSeason0
  function isClaimActive() public view returns (bool) {
    return block.timestamp < s_config.claimEndsAt;
  }

  /// @notice Util function that claims tokens for a user for multiple seasons
  /// @param user The user address
  /// @param params A claim params including the season ID (ignored as there's only season 0),
  /// proof, and the token amount
  function _claim(address user, ClaimParams calldata params) private {
    uint256 claimableAmount = params.maxTokenAmount;

    _validateMerkleProof(user, claimableAmount, params.salt, params.proof);

    if (s_claimedAmounts[user] > 0) {
      revert UserAlreadyClaimed();
    }
    if (claimableAmount == 0) {
      revert InvalidTokenAmount();
    }

    s_claimedAmounts[user] = claimableAmount;

    i_token.safeTransfer(user, claimableAmount);

    emit Claimed(user, /* season 0 */ 0, claimableAmount, claimableAmount);
  }

  /// @notice Validates if the user is eligible to claim the amount of tokens.
  /// A merkle tree's leaf consists of a user address and their token amount.
  /// @param user The user's address
  /// @param tokenAmount The user's total claimable token amount
  /// @param salt A randomly generated salt to prevent brute-force guessing of merkle proofs
  /// @param proof The merkle proof of the user's address and max token amount
  function _validateMerkleProof(
    address user,
    uint256 tokenAmount,
    uint256 salt,
    bytes32[] memory proof
  ) private view {
    // verify the merkle proof
    if (
      !MerkleProof.verify(
        proof,
        s_config.merkleRoot,
        keccak256(bytes.concat(keccak256(abi.encode(user, tokenAmount, salt))))
      )
    ) {
      revert InvalidMerkleProof();
    }
  }

  // ================================================================
  // |                       Pause / Unpause                        |
  // ================================================================
  /// @notice This function pauses the contract
  /// @dev Sets the pause flag to true
  function emergencyPause() external onlyRole(PROJECT_APPROVER_ROLE) {
    _pause();
  }

  /// @notice This function unpauses the contract
  /// @dev Sets the pause flag to false
  function emergencyUnpause() external onlyRole(PROJECT_APPROVER_ROLE) {
    _unpause();
  }

  // ================================================================
  // |                         Role Management                      |
  // ================================================================

  /// @notice Proposes a role transfer to a new holder
  /// @param role The role to transfer
  /// @param newHolder The new holder of the role
  function proposeRoleTransfer(bytes32 role, address newHolder) external onlyRole(role) {
    _validateRole(role);
    if (newHolder == address(0)) {
      revert InvalidZeroAddress();
    }

    address currentRoleHolder = s_roleHolder[role];
    address pendingRoleHolder = s_pendingRoleHolder[role];
    if (pendingRoleHolder == newHolder || currentRoleHolder == newHolder) {
      return;
    }

    s_pendingRoleHolder[role] = newHolder;

    emit RoleTransferProposed(role, currentRoleHolder, newHolder);
  }

  /// @notice Accepts a role transfer to a new holder
  /// @dev The role transfer must be proposed first by the current role holder
  /// @param role The role to accept
  function acceptRoleTransfer(
    bytes32 role
  ) external {
    _validateRole(role);
    address pendingRoleHolder = s_pendingRoleHolder[role];
    if (msg.sender != pendingRoleHolder) {
      revert UnauthorizedAccount(msg.sender, role);
    }

    address currentRoleHolder = s_roleHolder[role];

    // proposeRoleTransfer checks if pending and proposed role holder are the same, or if the
    // pending role holder is already the role holder
    s_roleHolder[role] = pendingRoleHolder;
    delete s_pendingRoleHolder[role];

    emit RoleTransferred(role, currentRoleHolder, pendingRoleHolder);
  }

  /// @notice Returns the current holder address of the given role
  /// @return The address that's holding the role
  function getRoleHolder(
    bytes32 role
  ) external view returns (address) {
    return s_roleHolder[role];
  }

  /// @notice Returns the pending holder address of the given role
  /// @return The address that has a pending transfer for the role
  function getPendingRoleHolder(
    bytes32 role
  ) external view returns (address) {
    return s_pendingRoleHolder[role];
  }

  /// @notice Util function for validating the role
  /// @param role The role to validate
  /// @dev Valid roles: PROJECT_ADMIN_ROLE, PROJECT_APPROVER_ROLE
  function _validateRole(
    bytes32 role
  ) private pure {
    if (role != PROJECT_ADMIN_ROLE && role != PROJECT_APPROVER_ROLE) {
      revert InvalidRole(role);
    }
  }

  /// @notice Modifier that checks if msg.sender is the role holder
  /// @param role The role that the msg.sender should have
  modifier onlyRole(
    bytes32 role
  ) {
    if (msg.sender != s_roleHolder[role]) {
      revert UnauthorizedAccount(msg.sender, role);
    }
    _;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
  function _msgSender() internal view virtual returns (address) {
    return msg.sender;
  }

  function _msgData() internal view virtual returns (bytes calldata) {
    return msg.data;
  }

  function _contextSuffixLength() internal view virtual returns (uint256) {
    return 0;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of common custom errors used in multiple contracts
 *
 * IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
 * It is recommended to avoid relying on the error API for critical functionality.
 *
 * _Available since v5.1._
 */
library Errors {
  /**
   * @dev The ETH balance of the account is not enough to perform the operation.
   */
  error InsufficientBalance(uint256 balance, uint256 needed);

  /**
   * @dev A call to an address target failed. The target may have reverted.
   */
  error FailedCall();

  /**
   * @dev The deployment failed.
   */
  error FailedDeployment();

  /**
   * @dev A necessary precompile is missing.
   */
  error MissingPrecompile(address);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/Hashes.sol)

pragma solidity ^0.8.20;

/**
 * @dev Library of standard hash functions.
 *
 * _Available since v5.1._
 */
library Hashes {
  /**
   * @dev Commutative Keccak256 hash of a sorted pair of bytes32. Frequently used when working with
   * merkle proofs.
   *
   * NOTE: Equivalent to the `standardNodeHash` in our
   * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
   */
  function commutativeKeccak256(bytes32 a, bytes32 b) internal pure returns (bytes32) {
    return a < b ? _efficientKeccak256(a, b) : _efficientKeccak256(b, a);
  }

  /**
   * @dev Implementation of keccak256(abi.encode(a, b)) that doesn't allocate or expand memory.
   */
  function _efficientKeccak256(bytes32 a, bytes32 b) private pure returns (bytes32 value) {
    assembly ("memory-safe") {
      mstore(0x00, a)
      mstore(0x20, b)
      value := keccak256(0x00, 0x40)
    }
  }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

interface IBUILDClaimSeason0 {
  /// @notice this event is emitted when a token deposit is made
  /// @param token The token address
  /// @param sender The depositor address
  /// @param amount The deposit amount
  event Deposited(address indexed token, address indexed sender, uint256 amount);

  /// @notice this event is emitted when a token withdrawal is made
  /// @param token The token address
  /// @param recipient The withdrawal address
  /// @param amount The withdrawal amount
  event Withdrawn(address indexed token, address indexed recipient, uint256 amount);

  /// @notice this event is emitted when a claim is made
  /// @param user The user address
  /// @param seasonId The season id
  /// @param amount The claim amount
  /// @param userClaimedInSeason The cumulative amount claimed by the user in the season
  event Claimed(
    address indexed user, uint256 seasonId, uint256 amount, uint256 userClaimedInSeason
  );

  /// @notice this event is emitted when a project's season config is changed
  /// @param token The project's token address
  /// @param seasonId The season id (= 0)
  /// @param config the updated config
  event ProjectSeasonConfigUpdated(
    address indexed token, uint256 indexed seasonId, ProjectSeasonConfig config
  );

  /// @notice this event is emitted when a project's season config is proposed
  /// @param config the proposed config
  event ProjectSeasonConfigProposed(ProjectSeasonConfig config);

  event RoleTransferProposed(
    bytes32 indexed role, address currentRoleOwner, address proposedRoleOwner
  );

  event RoleTransferred(bytes32 indexed role, address previousRoleOwner, address newRoleOwner);

  /// @notice this error is thrown when an empty merkle root is provided
  error InvalidMerkleRoot();

  /// @notice this error is thrown when an invalid merkle proof is provided
  error InvalidMerkleProof();

  /// @notice this error is thrown when a zero token amount is provided for deposit or claim.
  error InvalidTokenAmount();

  /// @notice This error is thrown whenever a zero-address is supplied when
  /// a non-zero address is required
  error InvalidZeroAddress();

  /// @notice this error is thrown when a zero token balance in withdraw.
  error ZeroTokenBalance();

  /// @notice This error is thrown when empty bytes are given as an expected config digest.
  error InvalidConfigDigest();

  /// @notice this error is thrown when a zero address is provided as the user address or the user
  /// address doesn't match the msg.sender (when using claim), or the tx.origin (when using
  /// multicall3Claim)
  /// @param user The user address
  error InvalidUser(address user);

  /// @notice this error is thrown when an invalid role is provided
  error InvalidRole(bytes32 role);

  /// @notice this error is thrown when a withdrawal attempt is made while the project season
  /// configuration is not set.
  error UnsetConfig();

  /// @notice this error is thrown when an unauthorized address tries to call a function
  /// @param account The unauthorized address
  /// @param role The role that the address is missing
  error UnauthorizedAccount(address account, bytes32 role);

  /// @notice This error is thrown when the hashes of the proposed and expected config don't match.
  error ConfigDigestMismatch(bytes32 proposedConfigDigest, bytes32 expectedConfigDigest);

  /// @notice This error is thrown when the claim period is still active
  error EnforcedClaimPeriodActive();

  /// @notice This error is thrown when the claim period ended
  error CannotWithdrawWhileClaimIsActive();

  /// @notice This error is thrown when the user has already claimed their tokens.
  error UserAlreadyClaimed();

  /// @notice This error is thrown when the project approver tries to accept proposed configs but
  /// the project admin hasn't deposited any tokens
  error ZeroTokenDeposited();

  /// @notice This error is thrown when more than one claim params is given.
  error InvalidClaimParamsLength();

  /// @notice This struct defines the configs for the project's season 0
  struct ProjectSeasonConfig {
    bytes32 merkleRoot; // The root for the allowlist merkle tree
    uint96 claimEndsAt; // ──────────╮ The unix timestamp for the claim period end date in seconds
    address withdrawalRecipient; // ─╯ The initial recipient address for leftover token withdrawal
  }

  /// @notice This struct defines the parameters for claiming tokens
  struct ClaimParams {
    /// @notice The season id, must be 0.
    uint256 seasonId;
    /// @notice The merkle proof for the user's token amount for season 0
    bytes32[] proof;
    /// @notice A randomly generated salt to prevent brute-force guessing of merkle proofs
    uint256 salt;
    /// @notice The total token amount user can get for season 0
    uint256 maxTokenAmount;
  }

  /// @notice This struct defines the user and season id for the claimed amounts query
  struct UserSeasonId {
    /// @notice The user address
    address user;
    /// @notice The season id (ignored)
    uint256 seasonId;
  }

  /// @notice Project admins can deposit tokens for the program.
  /// @param amount The deposit amount
  function deposit(
    uint256 amount
  ) external;

  /// @notice Project admins can execute the scheduled token withdrawal
  function withdraw() external;

  /// @notice Calculates the unlocked tokens for a particular user and transfers the tokens to the
  /// user.
  /// The user must provide a valid merkle proof and total token amount they will get after unlock
  /// finishes.
  /// This function is to be used by EOAs when they claim from a single BUILDClaimSeason0 contract,
  /// as well
  /// as by multisig wallets when they claim from a single BUILDClaimSeason0 contract
  /// @param user The address of the user claiming the tokens. This should match the msg.sender.
  /// @param params Claim params including the season IDs, proofs, and max token amounts
  function claim(address user, ClaimParams[] calldata params) external;

  /// @notice Returns the project token
  /// @return the token address
  function getToken() external view returns (IERC20);

  /// @notice Returns the amounts of tokens that have been claimed by the users for season 0
  /// @param usersAndSeasonIds The user addresses and season ids (ignored)
  /// @return uint256[] The amounts of claimed tokens
  function getClaimedAmounts(
    UserSeasonId[] calldata usersAndSeasonIds
  ) external view returns (uint256[] memory);

  /// @notice returns whether the claim period is active or not.
  /// @return bool whether the claim period is active.
  function isClaimActive() external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (interfaces/IERC1363.sol)

pragma solidity ^0.8.20;

import {IERC20} from "./IERC20.sol";
import {IERC165} from "./IERC165.sol";

/**
 * @title IERC1363
 * @dev Interface of the ERC-1363 standard as defined in the
 * https://eips.ethereum.org/EIPS/eip-1363[ERC-1363].
 *
 * Defines an extension interface for ERC-20 tokens that supports executing code on a recipient
 * contract
 * after `transfer` or `transferFrom`, or code on a spender contract after `approve`, in a single
 * transaction.
 */
interface IERC1363 is IERC20, IERC165 {
  /*
     * Note: the ERC-165 identifier for this interface is 0xb0202a11.
     * 0xb0202a11 ===
     *   bytes4(keccak256('transferAndCall(address,uint256)')) ^
     *   bytes4(keccak256('transferAndCall(address,uint256,bytes)')) ^
     *   bytes4(keccak256('transferFromAndCall(address,address,uint256)')) ^
     *   bytes4(keccak256('transferFromAndCall(address,address,uint256,bytes)')) ^
     *   bytes4(keccak256('approveAndCall(address,uint256)')) ^
     *   bytes4(keccak256('approveAndCall(address,uint256,bytes)'))
     */

  /**
   * @dev Moves a `value` amount of tokens from the caller's account to `to`
   * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
   * @param to The address which you want to transfer to.
   * @param value The amount of tokens to be transferred.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function transferAndCall(address to, uint256 value) external returns (bool);

  /**
   * @dev Moves a `value` amount of tokens from the caller's account to `to`
   * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
   * @param to The address which you want to transfer to.
   * @param value The amount of tokens to be transferred.
   * @param data Additional data with no specified format, sent in call to `to`.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function transferAndCall(address to, uint256 value, bytes calldata data) external returns (bool);

  /**
   * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
   * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
   * @param from The address which you want to send tokens from.
   * @param to The address which you want to transfer to.
   * @param value The amount of tokens to be transferred.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function transferFromAndCall(address from, address to, uint256 value) external returns (bool);

  /**
   * @dev Moves a `value` amount of tokens from `from` to `to` using the allowance mechanism
   * and then calls {IERC1363Receiver-onTransferReceived} on `to`.
   * @param from The address which you want to send tokens from.
   * @param to The address which you want to transfer to.
   * @param value The amount of tokens to be transferred.
   * @param data Additional data with no specified format, sent in call to `to`.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function transferFromAndCall(
    address from,
    address to,
    uint256 value,
    bytes calldata data
  ) external returns (bool);

  /**
   * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
   * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
   * @param spender The address which will spend the funds.
   * @param value The amount of tokens to be spent.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function approveAndCall(address spender, uint256 value) external returns (bool);

  /**
   * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
   * caller's tokens and then calls {IERC1363Spender-onApprovalReceived} on `spender`.
   * @param spender The address which will spend the funds.
   * @param value The amount of tokens to be spent.
   * @param data Additional data with no specified format, sent in call to `spender`.
   * @return A boolean value indicating whether the operation succeeded unless throwing.
   */
  function approveAndCall(
    address spender,
    uint256 value,
    bytes calldata data
  ) external returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC165.sol)

pragma solidity ^0.8.20;

import {IERC165} from "../utils/introspection/IERC165.sol";

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/IERC20.sol)

pragma solidity ^0.8.20;

/**
 * @dev Interface of the ERC-20 standard as defined in the ERC.
 */
interface IERC20 {
  /**
   * @dev Emitted when `value` tokens are moved from one account (`from`) to
   * another (`to`).
   *
   * Note that `value` may be zero.
   */
  event Transfer(address indexed from, address indexed to, uint256 value);

  /**
   * @dev Emitted when the allowance of a `spender` for an `owner` is set by
   * a call to {approve}. `value` is the new allowance.
   */
  event Approval(address indexed owner, address indexed spender, uint256 value);

  /**
   * @dev Returns the value of tokens in existence.
   */
  function totalSupply() external view returns (uint256);

  /**
   * @dev Returns the value of tokens owned by `account`.
   */
  function balanceOf(
    address account
  ) external view returns (uint256);

  /**
   * @dev Moves a `value` amount of tokens from the caller's account to `to`.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transfer(address to, uint256 value) external returns (bool);

  /**
   * @dev Returns the remaining number of tokens that `spender` will be
   * allowed to spend on behalf of `owner` through {transferFrom}. This is
   * zero by default.
   *
   * This value changes when {approve} or {transferFrom} are called.
   */
  function allowance(address owner, address spender) external view returns (uint256);

  /**
   * @dev Sets a `value` amount of tokens as the allowance of `spender` over the
   * caller's tokens.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * IMPORTANT: Beware that changing an allowance with this method brings the risk
   * that someone may use both the old and the new allowance by unfortunate
   * transaction ordering. One possible solution to mitigate this race
   * condition is to first reduce the spender's allowance to 0 and set the
   * desired value afterwards:
   * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
   *
   * Emits an {Approval} event.
   */
  function approve(address spender, uint256 value) external returns (bool);

  /**
   * @dev Moves a `value` amount of tokens from `from` to `to` using the
   * allowance mechanism. `value` is then deducted from the caller's
   * allowance.
   *
   * Returns a boolean value indicating whether the operation succeeded.
   *
   * Emits a {Transfer} event.
   */
  function transferFrom(address from, address to, uint256 value) external returns (bool);
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface ITypeAndVersion {
  function typeAndVersion() external pure returns (string memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/MerkleProof.sol)
// This file was procedurally generated from scripts/generate/templates/MerkleProof.js.

pragma solidity ^0.8.20;

import {Hashes} from "./Hashes.sol";

/**
 * @dev These functions deal with verification of Merkle Tree proofs.
 *
 * The tree and the proofs can be generated using our
 * https://github.com/OpenZeppelin/merkle-tree[JavaScript library].
 * You will find a quickstart guide in the readme.
 *
 * WARNING: You should avoid using leaf values that are 64 bytes long prior to
 * hashing, or use a hash function other than keccak256 for hashing leaves.
 * This is because the concatenation of a sorted pair of internal nodes in
 * the Merkle tree could be reinterpreted as a leaf value.
 * OpenZeppelin's JavaScript library generates Merkle trees that are safe
 * against this attack out of the box.
 *
 * IMPORTANT: Consider memory side-effects when using custom hashing functions
 * that access memory in an unsafe way.
 *
 * NOTE: This library supports proof verification for merkle trees built using
 * custom _commutative_ hashing functions (i.e. `H(a, b) == H(b, a)`). Proving
 * leaf inclusion in trees built using non-commutative hashing functions requires
 * additional logic that is not supported by this library.
 */
library MerkleProof {
  /**
   * @dev The multiproof provided is not valid.
   */
  error MerkleProofInvalidMultiproof();

  /**
   * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
   * defined by `root`. For this, a `proof` must be provided, containing
   * sibling hashes on the branch from the leaf to the root of the tree. Each
   * pair of leaves and each pair of pre-images are assumed to be sorted.
   *
   * This version handles proofs in memory with the default hashing function.
   */
  function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
    return processProof(proof, leaf) == root;
  }

  /**
   * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
   * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
   * hash matches the root of the tree. When processing the proof, the pairs
   * of leaves & pre-images are assumed to be sorted.
   *
   * This version handles proofs in memory with the default hashing function.
   */
  function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {
    bytes32 computedHash = leaf;
    for (uint256 i = 0; i < proof.length; i++) {
      computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]);
    }
    return computedHash;
  }

  /**
   * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
   * defined by `root`. For this, a `proof` must be provided, containing
   * sibling hashes on the branch from the leaf to the root of the tree. Each
   * pair of leaves and each pair of pre-images are assumed to be sorted.
   *
   * This version handles proofs in memory with a custom hashing function.
   */
  function verify(
    bytes32[] memory proof,
    bytes32 root,
    bytes32 leaf,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bool) {
    return processProof(proof, leaf, hasher) == root;
  }

  /**
   * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
   * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
   * hash matches the root of the tree. When processing the proof, the pairs
   * of leaves & pre-images are assumed to be sorted.
   *
   * This version handles proofs in memory with a custom hashing function.
   */
  function processProof(
    bytes32[] memory proof,
    bytes32 leaf,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bytes32) {
    bytes32 computedHash = leaf;
    for (uint256 i = 0; i < proof.length; i++) {
      computedHash = hasher(computedHash, proof[i]);
    }
    return computedHash;
  }

  /**
   * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
   * defined by `root`. For this, a `proof` must be provided, containing
   * sibling hashes on the branch from the leaf to the root of the tree. Each
   * pair of leaves and each pair of pre-images are assumed to be sorted.
   *
   * This version handles proofs in calldata with the default hashing function.
   */
  function verifyCalldata(
    bytes32[] calldata proof,
    bytes32 root,
    bytes32 leaf
  ) internal pure returns (bool) {
    return processProofCalldata(proof, leaf) == root;
  }

  /**
   * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
   * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
   * hash matches the root of the tree. When processing the proof, the pairs
   * of leaves & pre-images are assumed to be sorted.
   *
   * This version handles proofs in calldata with the default hashing function.
   */
  function processProofCalldata(
    bytes32[] calldata proof,
    bytes32 leaf
  ) internal pure returns (bytes32) {
    bytes32 computedHash = leaf;
    for (uint256 i = 0; i < proof.length; i++) {
      computedHash = Hashes.commutativeKeccak256(computedHash, proof[i]);
    }
    return computedHash;
  }

  /**
   * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
   * defined by `root`. For this, a `proof` must be provided, containing
   * sibling hashes on the branch from the leaf to the root of the tree. Each
   * pair of leaves and each pair of pre-images are assumed to be sorted.
   *
   * This version handles proofs in calldata with a custom hashing function.
   */
  function verifyCalldata(
    bytes32[] calldata proof,
    bytes32 root,
    bytes32 leaf,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bool) {
    return processProofCalldata(proof, leaf, hasher) == root;
  }

  /**
   * @dev Returns the rebuilt hash obtained by traversing a Merkle tree up
   * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
   * hash matches the root of the tree. When processing the proof, the pairs
   * of leaves & pre-images are assumed to be sorted.
   *
   * This version handles proofs in calldata with a custom hashing function.
   */
  function processProofCalldata(
    bytes32[] calldata proof,
    bytes32 leaf,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bytes32) {
    bytes32 computedHash = leaf;
    for (uint256 i = 0; i < proof.length; i++) {
      computedHash = hasher(computedHash, proof[i]);
    }
    return computedHash;
  }

  /**
   * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree
   * defined by
   * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
   *
   * This version handles multiproofs in memory with the default hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
   *
   * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return
   * `true`.
   * The `leaves` must be validated independently. See {processMultiProof}.
   */
  function multiProofVerify(
    bytes32[] memory proof,
    bool[] memory proofFlags,
    bytes32 root,
    bytes32[] memory leaves
  ) internal pure returns (bool) {
    return processMultiProof(proof, proofFlags, leaves) == root;
  }

  /**
   * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The
   * reconstruction
   * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with
   * either another
   * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or
   * false
   * respectively.
   *
   * This version handles multiproofs in memory with the default hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure
   * that: 1) the tree
   * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order
   * they are in the
   * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next
   * layer).
   *
   * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is
   * considered a no-op,
   * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case
   * if you're not
   * validating the leaves elsewhere.
   */
  function processMultiProof(
    bytes32[] memory proof,
    bool[] memory proofFlags,
    bytes32[] memory leaves
  ) internal pure returns (bytes32 merkleRoot) {
    // This function rebuilds the root hash by traversing the tree up from the leaves. The root is
    // rebuilt by
    // consuming and producing values on a queue. The queue starts with the `leaves` array, then
    // goes onto the
    // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain
    // the root of
    // the Merkle tree.
    uint256 leavesLen = leaves.length;
    uint256 proofFlagsLen = proofFlags.length;

    // Check proof validity.
    if (leavesLen + proof.length != proofFlagsLen + 1) {
      revert MerkleProofInvalidMultiproof();
    }

    // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are
    // done using
    // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a
    // queue's "pop".
    bytes32[] memory hashes = new bytes32[](proofFlagsLen);
    uint256 leafPos = 0;
    uint256 hashPos = 0;
    uint256 proofPos = 0;
    // At each step, we compute the next hash using two values:
    // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf,
    // otherwise we
    //   get the next hash.
    // - depending on the flag, either another value from the "main queue" (merging branches) or an
    // element from the
    //   `proof` array.
    for (uint256 i = 0; i < proofFlagsLen; i++) {
      bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
      bytes32 b = proofFlags[i]
        ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
        : proof[proofPos++];
      hashes[i] = Hashes.commutativeKeccak256(a, b);
    }

    if (proofFlagsLen > 0) {
      if (proofPos != proof.length) {
        revert MerkleProofInvalidMultiproof();
      }
      unchecked {
        return hashes[proofFlagsLen - 1];
      }
    } else if (leavesLen > 0) {
      return leaves[0];
    } else {
      return proof[0];
    }
  }

  /**
   * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree
   * defined by
   * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
   *
   * This version handles multiproofs in memory with a custom hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
   *
   * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return
   * `true`.
   * The `leaves` must be validated independently. See {processMultiProof}.
   */
  function multiProofVerify(
    bytes32[] memory proof,
    bool[] memory proofFlags,
    bytes32 root,
    bytes32[] memory leaves,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bool) {
    return processMultiProof(proof, proofFlags, leaves, hasher) == root;
  }

  /**
   * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The
   * reconstruction
   * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with
   * either another
   * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or
   * false
   * respectively.
   *
   * This version handles multiproofs in memory with a custom hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure
   * that: 1) the tree
   * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order
   * they are in the
   * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next
   * layer).
   *
   * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is
   * considered a no-op,
   * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case
   * if you're not
   * validating the leaves elsewhere.
   */
  function processMultiProof(
    bytes32[] memory proof,
    bool[] memory proofFlags,
    bytes32[] memory leaves,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bytes32 merkleRoot) {
    // This function rebuilds the root hash by traversing the tree up from the leaves. The root is
    // rebuilt by
    // consuming and producing values on a queue. The queue starts with the `leaves` array, then
    // goes onto the
    // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain
    // the root of
    // the Merkle tree.
    uint256 leavesLen = leaves.length;
    uint256 proofFlagsLen = proofFlags.length;

    // Check proof validity.
    if (leavesLen + proof.length != proofFlagsLen + 1) {
      revert MerkleProofInvalidMultiproof();
    }

    // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are
    // done using
    // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a
    // queue's "pop".
    bytes32[] memory hashes = new bytes32[](proofFlagsLen);
    uint256 leafPos = 0;
    uint256 hashPos = 0;
    uint256 proofPos = 0;
    // At each step, we compute the next hash using two values:
    // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf,
    // otherwise we
    //   get the next hash.
    // - depending on the flag, either another value from the "main queue" (merging branches) or an
    // element from the
    //   `proof` array.
    for (uint256 i = 0; i < proofFlagsLen; i++) {
      bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
      bytes32 b = proofFlags[i]
        ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
        : proof[proofPos++];
      hashes[i] = hasher(a, b);
    }

    if (proofFlagsLen > 0) {
      if (proofPos != proof.length) {
        revert MerkleProofInvalidMultiproof();
      }
      unchecked {
        return hashes[proofFlagsLen - 1];
      }
    } else if (leavesLen > 0) {
      return leaves[0];
    } else {
      return proof[0];
    }
  }

  /**
   * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree
   * defined by
   * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
   *
   * This version handles multiproofs in calldata with the default hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
   *
   * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return
   * `true`.
   * The `leaves` must be validated independently. See {processMultiProofCalldata}.
   */
  function multiProofVerifyCalldata(
    bytes32[] calldata proof,
    bool[] calldata proofFlags,
    bytes32 root,
    bytes32[] memory leaves
  ) internal pure returns (bool) {
    return processMultiProofCalldata(proof, proofFlags, leaves) == root;
  }

  /**
   * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The
   * reconstruction
   * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with
   * either another
   * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or
   * false
   * respectively.
   *
   * This version handles multiproofs in calldata with the default hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure
   * that: 1) the tree
   * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order
   * they are in the
   * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next
   * layer).
   *
   * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is
   * considered a no-op,
   * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case
   * if you're not
   * validating the leaves elsewhere.
   */
  function processMultiProofCalldata(
    bytes32[] calldata proof,
    bool[] calldata proofFlags,
    bytes32[] memory leaves
  ) internal pure returns (bytes32 merkleRoot) {
    // This function rebuilds the root hash by traversing the tree up from the leaves. The root is
    // rebuilt by
    // consuming and producing values on a queue. The queue starts with the `leaves` array, then
    // goes onto the
    // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain
    // the root of
    // the Merkle tree.
    uint256 leavesLen = leaves.length;
    uint256 proofFlagsLen = proofFlags.length;

    // Check proof validity.
    if (leavesLen + proof.length != proofFlagsLen + 1) {
      revert MerkleProofInvalidMultiproof();
    }

    // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are
    // done using
    // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a
    // queue's "pop".
    bytes32[] memory hashes = new bytes32[](proofFlagsLen);
    uint256 leafPos = 0;
    uint256 hashPos = 0;
    uint256 proofPos = 0;
    // At each step, we compute the next hash using two values:
    // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf,
    // otherwise we
    //   get the next hash.
    // - depending on the flag, either another value from the "main queue" (merging branches) or an
    // element from the
    //   `proof` array.
    for (uint256 i = 0; i < proofFlagsLen; i++) {
      bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
      bytes32 b = proofFlags[i]
        ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
        : proof[proofPos++];
      hashes[i] = Hashes.commutativeKeccak256(a, b);
    }

    if (proofFlagsLen > 0) {
      if (proofPos != proof.length) {
        revert MerkleProofInvalidMultiproof();
      }
      unchecked {
        return hashes[proofFlagsLen - 1];
      }
    } else if (leavesLen > 0) {
      return leaves[0];
    } else {
      return proof[0];
    }
  }

  /**
   * @dev Returns true if the `leaves` can be simultaneously proven to be a part of a Merkle tree
   * defined by
   * `root`, according to `proof` and `proofFlags` as described in {processMultiProof}.
   *
   * This version handles multiproofs in calldata with a custom hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
   *
   * NOTE: Consider the case where `root == proof[0] && leaves.length == 0` as it will return
   * `true`.
   * The `leaves` must be validated independently. See {processMultiProofCalldata}.
   */
  function multiProofVerifyCalldata(
    bytes32[] calldata proof,
    bool[] calldata proofFlags,
    bytes32 root,
    bytes32[] memory leaves,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bool) {
    return processMultiProofCalldata(proof, proofFlags, leaves, hasher) == root;
  }

  /**
   * @dev Returns the root of a tree reconstructed from `leaves` and sibling nodes in `proof`. The
   * reconstruction
   * proceeds by incrementally reconstructing all inner nodes by combining a leaf/inner node with
   * either another
   * leaf/inner node or a proof sibling node, depending on whether each `proofFlags` item is true or
   * false
   * respectively.
   *
   * This version handles multiproofs in calldata with a custom hashing function.
   *
   * CAUTION: Not all Merkle trees admit multiproofs. To use multiproofs, it is sufficient to ensure
   * that: 1) the tree
   * is complete (but not necessarily perfect), 2) the leaves to be proven are in the opposite order
   * they are in the
   * tree (i.e., as seen from right to left starting at the deepest layer and continuing at the next
   * layer).
   *
   * NOTE: The _empty set_ (i.e. the case where `proof.length == 1 && leaves.length == 0`) is
   * considered a no-op,
   * and therefore a valid multiproof (i.e. it returns `proof[0]`). Consider disallowing this case
   * if you're not
   * validating the leaves elsewhere.
   */
  function processMultiProofCalldata(
    bytes32[] calldata proof,
    bool[] calldata proofFlags,
    bytes32[] memory leaves,
    function(bytes32, bytes32) view returns (bytes32) hasher
  ) internal view returns (bytes32 merkleRoot) {
    // This function rebuilds the root hash by traversing the tree up from the leaves. The root is
    // rebuilt by
    // consuming and producing values on a queue. The queue starts with the `leaves` array, then
    // goes onto the
    // `hashes` array. At the end of the process, the last hash in the `hashes` array should contain
    // the root of
    // the Merkle tree.
    uint256 leavesLen = leaves.length;
    uint256 proofFlagsLen = proofFlags.length;

    // Check proof validity.
    if (leavesLen + proof.length != proofFlagsLen + 1) {
      revert MerkleProofInvalidMultiproof();
    }

    // The xxxPos values are "pointers" to the next value to consume in each array. All accesses are
    // done using
    // `xxx[xxxPos++]`, which return the current value and increment the pointer, thus mimicking a
    // queue's "pop".
    bytes32[] memory hashes = new bytes32[](proofFlagsLen);
    uint256 leafPos = 0;
    uint256 hashPos = 0;
    uint256 proofPos = 0;
    // At each step, we compute the next hash using two values:
    // - a value from the "main queue". If not all leaves have been consumed, we get the next leaf,
    // otherwise we
    //   get the next hash.
    // - depending on the flag, either another value from the "main queue" (merging branches) or an
    // element from the
    //   `proof` array.
    for (uint256 i = 0; i < proofFlagsLen; i++) {
      bytes32 a = leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++];
      bytes32 b = proofFlags[i]
        ? (leafPos < leavesLen ? leaves[leafPos++] : hashes[hashPos++])
        : proof[proofPos++];
      hashes[i] = hasher(a, b);
    }

    if (proofFlagsLen > 0) {
      if (proofPos != proof.length) {
        revert MerkleProofInvalidMultiproof();
      }
      unchecked {
        return hashes[proofFlagsLen - 1];
      }
    } else if (leavesLen > 0) {
      return leaves[0];
    } else {
      return proof[0];
    }
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (utils/Pausable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which allows children to implement an emergency stop
 * mechanism that can be triggered by an authorized account.
 *
 * This module is used through inheritance. It will make available the
 * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
 * the functions of your contract. Note that they will not be pausable by
 * simply including this module, only once the modifiers are put in place.
 */
abstract contract Pausable is Context {
  bool private _paused;

  /**
   * @dev Emitted when the pause is triggered by `account`.
   */
  event Paused(address account);

  /**
   * @dev Emitted when the pause is lifted by `account`.
   */
  event Unpaused(address account);

  /**
   * @dev The operation failed because the contract is paused.
   */
  error EnforcedPause();

  /**
   * @dev The operation failed because the contract is not paused.
   */
  error ExpectedPause();

  /**
   * @dev Initializes the contract in unpaused state.
   */
  constructor() {
    _paused = false;
  }

  /**
   * @dev Modifier to make a function callable only when the contract is not paused.
   *
   * Requirements:
   *
   * - The contract must not be paused.
   */
  modifier whenNotPaused() {
    _requireNotPaused();
    _;
  }

  /**
   * @dev Modifier to make a function callable only when the contract is paused.
   *
   * Requirements:
   *
   * - The contract must be paused.
   */
  modifier whenPaused() {
    _requirePaused();
    _;
  }

  /**
   * @dev Returns true if the contract is paused, and false otherwise.
   */
  function paused() public view virtual returns (bool) {
    return _paused;
  }

  /**
   * @dev Throws if the contract is paused.
   */
  function _requireNotPaused() internal view virtual {
    if (paused()) {
      revert EnforcedPause();
    }
  }

  /**
   * @dev Throws if the contract is not paused.
   */
  function _requirePaused() internal view virtual {
    if (!paused()) {
      revert ExpectedPause();
    }
  }

  /**
   * @dev Triggers stopped state.
   *
   * Requirements:
   *
   * - The contract must not be paused.
   */
  function _pause() internal virtual whenNotPaused {
    _paused = true;
    emit Paused(_msgSender());
  }

  /**
   * @dev Returns to normal state.
   *
   * Requirements:
   *
   * - The contract must be paused.
   */
  function _unpause() internal virtual whenPaused {
    _paused = false;
    emit Unpaused(_msgSender());
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from "../IERC20.sol";
import {IERC1363} from "../../../interfaces/IERC1363.sol";
import {Address} from "../../../utils/Address.sol";

/**
 * @title SafeERC20
 * @dev Wrappers around ERC-20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
  /**
   * @dev An operation with an ERC-20 token failed.
   */
  error SafeERC20FailedOperation(address token);

  /**
   * @dev Indicates a failed `decreaseAllowance` request.
   */
  error SafeERC20FailedDecreaseAllowance(
    address spender, uint256 currentAllowance, uint256 requestedDecrease
  );

  /**
   * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns
   * no value,
   * non-reverting calls are assumed to be successful.
   */
  function safeTransfer(IERC20 token, address to, uint256 value) internal {
    _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
  }

  /**
   * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by
   * `from` to the
   * calling contract. If `token` returns no value, non-reverting calls are assumed to be
   * successful.
   */
  function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
    _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
  }

  /**
   * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns
   * no value,
   * non-reverting calls are assumed to be successful.
   *
   * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the
   * "client"
   * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract
   * should avoid using
   * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a
   * token contract
   * that has a non-zero temporary allowance (for that particular owner-spender) will result in
   * unexpected behavior.
   */
  function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
    uint256 oldAllowance = token.allowance(address(this), spender);
    forceApprove(token, spender, oldAllowance + value);
  }

  /**
   * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If
   * `token` returns no
   * value, non-reverting calls are assumed to be successful.
   *
   * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the
   * "client"
   * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract
   * should avoid using
   * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a
   * token contract
   * that has a non-zero temporary allowance (for that particular owner-spender) will result in
   * unexpected behavior.
   */
  function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
    unchecked {
      uint256 currentAllowance = token.allowance(address(this), spender);
      if (currentAllowance < requestedDecrease) {
        revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
      }
      forceApprove(token, spender, currentAllowance - requestedDecrease);
    }
  }

  /**
   * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no
   * value,
   * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the
   * approval
   * to be set to zero before setting it to a non-zero value, such as USDT.
   *
   * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance.
   * This function
   * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to
   * the value being
   * set here.
   */
  function forceApprove(IERC20 token, address spender, uint256 value) internal {
    bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

    if (!_callOptionalReturnBool(token, approvalCall)) {
      _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
      _callOptionalReturn(token, approvalCall);
    }
  }

  /**
   * @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if
   * the target has no
   * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363}
   * checks when
   * targeting contracts.
   *
   * Reverts if the returned value is other than `true`.
   */
  function transferAndCallRelaxed(
    IERC1363 token,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      safeTransfer(token, to, value);
    } else if (!token.transferAndCall(to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20}
   * transferFrom if the target
   * has no code. This can be used to implement an {ERC721}-like safe transfer that rely on
   * {ERC1363} checks when
   * targeting contracts.
   *
   * Reverts if the returned value is other than `true`.
   */
  function transferFromAndCallRelaxed(
    IERC1363 token,
    address from,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      safeTransferFrom(token, from, to, value);
    } else if (!token.transferFromAndCall(from, to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the
   * target has no
   * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363}
   * checks when
   * targeting contracts.
   *
   * NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as
   * {forceApprove}.
   * Opposedly, when the recipient address (`to`) has code, this function only attempts to call
   * {ERC1363-approveAndCall}
   * once without retrying, and relies on the returned value to be true.
   *
   * Reverts if the returned value is other than `true`.
   */
  function approveAndCallRelaxed(
    IERC1363 token,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      forceApprove(token, to, value);
    } else if (!token.approveAndCall(to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing
   * the requirement
   * on the return value: the return value is optional (but if data is returned, it must not be
   * false).
   * @param token The token targeted by the call.
   * @param data The call data (encoded using abi.encode or one of its variants).
   *
   * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the
   * requirements.
   */
  function _callOptionalReturn(IERC20 token, bytes memory data) private {
    uint256 returnSize;
    uint256 returnValue;
    assembly ("memory-safe") {
      let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
      // bubble errors
      if iszero(success) {
        let ptr := mload(0x40)
        returndatacopy(ptr, 0, returndatasize())
        revert(ptr, returndatasize())
      }
      returnSize := returndatasize()
      returnValue := mload(0)
    }

    if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing
   * the requirement
   * on the return value: the return value is optional (but if data is returned, it must not be
   * false).
   * @param token The token targeted by the call.
   * @param data The call data (encoded using abi.encode or one of its variants).
   *
   * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool
   * instead.
   */
  function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
    bool success;
    uint256 returnSize;
    uint256 returnValue;
    assembly ("memory-safe") {
      success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
      returnSize := returndatasize()
      returnValue := mload(0)
    }
    return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
  }
}

{
  "compilationTarget": {
    "src/BUILDClaimSeason0.sol": "BUILDClaimSeason0"
  },
  "evmVersion": "paris",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "ipfs"
  },
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "remappings": [
    ":@openzeppelin/=lib/vendor/openzeppelin-solidity/v5.1.0/",
    ":@openzeppelin@5.2.0/=lib/vendor/openzeppelin-solidity/v5.2.0/",
    ":chainlink/=lib/vendor/chainlink/v2.18.0/",
    ":forge-std/=lib/vendor/forge-std/v1.9.4/src/",
    ":vendor/=lib/vendor/forge-std/v1.9.4/src/"
  ]
}