services/cctp-relayer/contracts/messagetransmitter/messagetransmitter.contractinfo.json
{"/solidity/MessageTransmitter.sol:Address":{"code":"0x60566023600b82828239805160001a607314601657fe5b30600052607381538281f3fe73000000000000000000000000000000000000000030146080604052600080fdfea2646970667358221220692b67c87ddcd80ea0806a3c207ef65bcbcc1b11c3697fc6ea2f736cca0cda7964736f6c63430007060033","runtime-code":"0x73000000000000000000000000000000000000000030146080604052600080fdfea2646970667358221220692b67c87ddcd80ea0806a3c207ef65bcbcc1b11c3697fc6ea2f736cca0cda7964736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"65282:7684:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"65282:7684:0:-:0;;;;;;;;","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Collection of functions related to the address type","kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"details\":\"Collection of functions related to the address type\",\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Address\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:Attestable":{"code":"0x60806040523480156200001157600080fd5b506040516200116638038062001166833981810160405260208110156200003757600080fd5b50516200004d620000476200006f565b62000073565b62000058336200009d565b60016002556200006881620000bf565b50620002f6565b3390565b600180546001600160a01b03191690556200009a816200021f602090811b62000a2c17901c565b50565b600580546001600160a01b0319166001600160a01b0392909216919091179055565b6005546001600160a01b031633146200011f576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6001600160a01b0381166200017b576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b620001968160036200026f60201b62000aa11790919060201c565b620001e8576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b6040516001600160a01b038216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b600062000286836001600160a01b0384166200028f565b90505b92915050565b60006200029d8383620002de565b620002d55750815460018181018455600084815260208082209093018490558454848252828601909352604090209190915562000289565b50600062000289565b60009081526001919091016020526040902054151590565b610e6080620003066000396000f3fe608060405234801561001057600080fd5b50600436106100df5760003560e01c8063a82f2e261161008c578063de7769d411610066578063de7769d4146101fd578063e30c397814610230578063f2fde38b14610238578063fae368791461026b576100df565b8063a82f2e26146101bb578063bbde5374146101c3578063beb673d8146101e0576100df565b80637af82f60116100bd5780637af82f601461013b5780638da5cb5b146101825780639b0d94b7146101b3576100df565b80632d025080146100e457806351079a531461011957806379ba509714610133575b600080fd5b610117600480360360208110156100fa57600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1661029e565b005b610121610462565b60408051918252519081900360200190f35b610117610473565b61016e6004803603602081101561015157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166104fc565b604080519115158252519081900360200190f35b61018a61050f565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b61018a61052b565b610121610547565b610117600480360360208110156101d957600080fd5b503561054d565b61018a600480360360208110156101f657600080fd5b5035610707565b6101176004803603602081101561021357600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610714565b61018a610804565b6101176004803603602081101561024e57600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610820565b6101176004803603602081101561028157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166108b8565b60055473ffffffffffffffffffffffffffffffffffffffff16331461030a576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6000610314610462565b90506001811161036b576040805162461bcd60e51b815260206004820152601960248201527f546f6f2066657720656e61626c65642061747465737465727300000000000000604482015290519081900360640190fd5b60025481116103c1576040805162461bcd60e51b815260206004820152601e60248201527f5369676e6174757265207468726573686f6c6420697320746f6f206c6f770000604482015290519081900360640190fd5b6103cc600383610aca565b61041d576040805162461bcd60e51b815260206004820152601960248201527f417474657374657220616c72656164792064697361626c656400000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8316907f78e573a18c75957b7cadaab01511aa1c19a659f06ecf53e01de37ed92d3261fc90600090a25050565b600061046e6003610aec565b905090565b600061047d610af7565b90508073ffffffffffffffffffffffffffffffffffffffff1661049e610804565b73ffffffffffffffffffffffffffffffffffffffff16146104f05760405162461bcd60e51b8152600401808060200182810382526029815260200180610e026029913960400191505060405180910390fd5b6104f981610afb565b50565b6000610509600383610b2c565b92915050565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60055473ffffffffffffffffffffffffffffffffffffffff1690565b60025481565b60055473ffffffffffffffffffffffffffffffffffffffff1633146105b9576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b8061060b576040805162461bcd60e51b815260206004820152601b60248201527f496e76616c6964207369676e6174757265207468726573686f6c640000000000604482015290519081900360640190fd5b6106156003610aec565b811115610669576040805162461bcd60e51b815260206004820181905260248201527f4e6577207369676e6174757265207468726573686f6c6420746f6f2068696768604482015290519081900360640190fd5b6002548114156106c0576040805162461bcd60e51b815260206004820152601f60248201527f5369676e6174757265207468726573686f6c6420616c72656164792073657400604482015290519081900360640190fd5b6002805490829055604080518281526020810184905281517f149153f58b4da003a8cfd4523709a202402182cb5aa335046911277a1be6eede929181900390910190a15050565b6000610509600383610b4e565b61071c610b5a565b73ffffffffffffffffffffffffffffffffffffffff8116610784576040805162461bcd60e51b815260206004820181905260248201527f496e76616c6964206174746573746572206d616e616765722061646472657373604482015290519081900360640190fd5b60055473ffffffffffffffffffffffffffffffffffffffff166107a682610bea565b8173ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff167f0cee1b7ae04f3c788dd3a46c6fa677eb95b913611ef7ab59524fdc09d346021960405160405180910390a35050565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b610828610b5a565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff831690811790915561087361050f565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b60055473ffffffffffffffffffffffffffffffffffffffff163314610924576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b73ffffffffffffffffffffffffffffffffffffffff811661098c576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b610997600382610aa1565b6109e8576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610c31565b9392505050565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610c7b565b600061050982610d5f565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556104f981610a2c565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610d63565b6000610ac38383610d7b565b610b62610af7565b73ffffffffffffffffffffffffffffffffffffffff16610b8061050f565b73ffffffffffffffffffffffffffffffffffffffff1614610be8576040805162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b600580547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff92909216919091179055565b6000610c3d8383610d63565b610c7357508154600181810184556000848152602080822090930184905584548482528286019093526040902091909155610509565b506000610509565b60008181526001830160205260408120548015610d555783547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8083019190810190600090879083908110610ccc57fe5b9060005260206000200154905080876000018481548110610ce957fe5b600091825260208083209091019290925582815260018981019092526040902090840190558654879080610d1957fe5b60019003818190600052602060002001600090559055866001016000878152602001908152602001600020600090556001945050505050610509565b6000915050610509565b5490565b60009081526001919091016020526040902054151590565b81546000908210610dbd5760405162461bcd60e51b8152600401808060200182810382526022815260200180610de06022913960400191505060405180910390fd5b826000018281548110610dcc57fe5b906000526020600020015490509291505056fe456e756d657261626c655365743a20696e646578206f7574206f6620626f756e64734f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572a26469706673582212202a1b157f6886ccbf5d061a41222b10dee70e3f54a7b84409b3f7347251e260a864736f6c63430007060033","runtime-code":"0x608060405234801561001057600080fd5b50600436106100df5760003560e01c8063a82f2e261161008c578063de7769d411610066578063de7769d4146101fd578063e30c397814610230578063f2fde38b14610238578063fae368791461026b576100df565b8063a82f2e26146101bb578063bbde5374146101c3578063beb673d8146101e0576100df565b80637af82f60116100bd5780637af82f601461013b5780638da5cb5b146101825780639b0d94b7146101b3576100df565b80632d025080146100e457806351079a531461011957806379ba509714610133575b600080fd5b610117600480360360208110156100fa57600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1661029e565b005b610121610462565b60408051918252519081900360200190f35b610117610473565b61016e6004803603602081101561015157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166104fc565b604080519115158252519081900360200190f35b61018a61050f565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b61018a61052b565b610121610547565b610117600480360360208110156101d957600080fd5b503561054d565b61018a600480360360208110156101f657600080fd5b5035610707565b6101176004803603602081101561021357600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610714565b61018a610804565b6101176004803603602081101561024e57600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610820565b6101176004803603602081101561028157600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166108b8565b60055473ffffffffffffffffffffffffffffffffffffffff16331461030a576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6000610314610462565b90506001811161036b576040805162461bcd60e51b815260206004820152601960248201527f546f6f2066657720656e61626c65642061747465737465727300000000000000604482015290519081900360640190fd5b60025481116103c1576040805162461bcd60e51b815260206004820152601e60248201527f5369676e6174757265207468726573686f6c6420697320746f6f206c6f770000604482015290519081900360640190fd5b6103cc600383610aca565b61041d576040805162461bcd60e51b815260206004820152601960248201527f417474657374657220616c72656164792064697361626c656400000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8316907f78e573a18c75957b7cadaab01511aa1c19a659f06ecf53e01de37ed92d3261fc90600090a25050565b600061046e6003610aec565b905090565b600061047d610af7565b90508073ffffffffffffffffffffffffffffffffffffffff1661049e610804565b73ffffffffffffffffffffffffffffffffffffffff16146104f05760405162461bcd60e51b8152600401808060200182810382526029815260200180610e026029913960400191505060405180910390fd5b6104f981610afb565b50565b6000610509600383610b2c565b92915050565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60055473ffffffffffffffffffffffffffffffffffffffff1690565b60025481565b60055473ffffffffffffffffffffffffffffffffffffffff1633146105b9576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b8061060b576040805162461bcd60e51b815260206004820152601b60248201527f496e76616c6964207369676e6174757265207468726573686f6c640000000000604482015290519081900360640190fd5b6106156003610aec565b811115610669576040805162461bcd60e51b815260206004820181905260248201527f4e6577207369676e6174757265207468726573686f6c6420746f6f2068696768604482015290519081900360640190fd5b6002548114156106c0576040805162461bcd60e51b815260206004820152601f60248201527f5369676e6174757265207468726573686f6c6420616c72656164792073657400604482015290519081900360640190fd5b6002805490829055604080518281526020810184905281517f149153f58b4da003a8cfd4523709a202402182cb5aa335046911277a1be6eede929181900390910190a15050565b6000610509600383610b4e565b61071c610b5a565b73ffffffffffffffffffffffffffffffffffffffff8116610784576040805162461bcd60e51b815260206004820181905260248201527f496e76616c6964206174746573746572206d616e616765722061646472657373604482015290519081900360640190fd5b60055473ffffffffffffffffffffffffffffffffffffffff166107a682610bea565b8173ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff167f0cee1b7ae04f3c788dd3a46c6fa677eb95b913611ef7ab59524fdc09d346021960405160405180910390a35050565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b610828610b5a565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff831690811790915561087361050f565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b60055473ffffffffffffffffffffffffffffffffffffffff163314610924576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b73ffffffffffffffffffffffffffffffffffffffff811661098c576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b610997600382610aa1565b6109e8576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b60405173ffffffffffffffffffffffffffffffffffffffff8216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610c31565b9392505050565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610c7b565b600061050982610d5f565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556104f981610a2c565b6000610ac38373ffffffffffffffffffffffffffffffffffffffff8416610d63565b6000610ac38383610d7b565b610b62610af7565b73ffffffffffffffffffffffffffffffffffffffff16610b8061050f565b73ffffffffffffffffffffffffffffffffffffffff1614610be8576040805162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b600580547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff92909216919091179055565b6000610c3d8383610d63565b610c7357508154600181810184556000848152602080822090930184905584548482528286019093526040902091909155610509565b506000610509565b60008181526001830160205260408120548015610d555783547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8083019190810190600090879083908110610ccc57fe5b9060005260206000200154905080876000018481548110610ce957fe5b600091825260208083209091019290925582815260018981019092526040902090840190558654879080610d1957fe5b60019003818190600052602060002001600090559055866001016000878152602001908152602001600020600090556001945050505050610509565b6000915050610509565b5490565b60009081526001919091016020526040902054151590565b81546000908210610dbd5760405162461bcd60e51b8152600401808060200182810382526022815260200180610de06022913960400191505060405180910390fd5b826000018281548110610dcc57fe5b906000526020600020015490509291505056fe456e756d657261626c655365743a20696e646578206f7574206f6620626f756e64734f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572a26469706673582212202a1b157f6886ccbf5d061a41222b10dee70e3f54a7b84409b3f7347251e260a864736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"91976:9808:0:-:0;;;94278:237;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;94278:237:0;49481:32;49500:12;:10;:12::i;:::-;49481:18;:32::i;:::-;94318:31;94338:10;94318:19;:31::i;:::-;94473:1;94452:18;:22;94484:24;94499:8;94484:14;:24::i;:::-;94278:237;91976:9808;;47973:104;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;-1:-1:-1;;;;;;52564:20:0;;;52594:34;52619:8;52594:24;;;;;;;:34;;:::i;:::-;52482:153;:::o;99082:122::-;99159:16;:38;;-1:-1:-1;;;;;;99159:38:0;-1:-1:-1;;;;;99159:38:0;;;;;;;;;;99082:122::o;94777:278::-;93997:16;;-1:-1:-1;;;;;93997:16:0;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;;;;;94867:25:0;::::1;94859:66;;;::::0;;-1:-1:-1;;;94859:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;94943:33;94964:11;94943:16;:20;;;;;;:33;;;;:::i;:::-;94935:70;;;::::0;;-1:-1:-1;;;94935:70:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;95020:28;::::0;-1:-1:-1;;;;;95020:28:0;::::1;::::0;::::1;::::0;;;::::1;94777:278:::0;:::o;50569:187::-;50642:16;50661:6;;-1:-1:-1;;;;;50677:17:0;;;-1:-1:-1;;;;;;50677:17:0;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;85176:150::-;85246:4;85269:50;85274:3;-1:-1:-1;;;;;85294:23:0;;85269:4;:50::i;:::-;85262:57;;85176:150;;;;;:::o;80387:404::-;80450:4;80471:21;80481:3;80486:5;80471:9;:21::i;:::-;80466:319;;-1:-1:-1;80508:23:0;;;;;;;;:11;:23;;;;;;;;;;;;;80688:18;;80666:19;;;:12;;;:19;;;;;;:40;;;;80720:11;;80466:319;-1:-1:-1;80769:5:0;80762:12;;82552:127;82625:4;82648:19;;;:12;;;;;:19;;;;;;:24;;;82552:127::o;91976:9808::-;;;;;;;","srcMapRuntime":"91976:9808:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;96619:667;;;;;;;;;;;;;;;;-1:-1:-1;96619:667:0;;;;:::i;:::-;;95521:113;;;:::i;:::-;;;;;;;;;;;;;;;;52715:240;;;:::i;95270:131::-;;;;;;;;;;;;;;;;-1:-1:-1;95270:131:0;;;;:::i;:::-;;;;;;;;;;;;;;;;;;49746:85;;;:::i;:::-;;;;;;;;;;;;;;;;;;;98502:99;;;:::i;93395:33::-;;;:::i;97598:779::-;;;;;;;;;;;;;;;;-1:-1:-1;97598:779:0;;:::i;98773:125::-;;;;;;;;;;;;;;;;-1:-1:-1;98773:125:0;;:::i;95841:409::-;;;;;;;;;;;;;;;;-1:-1:-1;95841:409:0;;;;:::i;51792:99::-;;;:::i;52084:214::-;;;;;;;;;;;;;;;;-1:-1:-1;52084:214:0;;;;:::i;94777:278::-;;;;;;;;;;;;;;;;-1:-1:-1;94777:278:0;;;;:::i;96619:667::-;93997:16;;;;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;96775:28:::1;96806:24;:22;:24::i;:::-;96775:55;;96872:1;96849:20;:24;96841:62;;;::::0;;-1:-1:-1;;;96841:62:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97082:18;;97059:20;:41;97038:118;;;::::0;;-1:-1:-1;;;97038:118:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97175:33;:16;97199:8:::0;97175:23:::1;:33::i;:::-;97167:71;;;::::0;;-1:-1:-1;;;97167:71:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97253:26;::::0;::::1;::::0;::::1;::::0;::::1;::::0;;;::::1;94055:1;96619:667:::0;:::o;95521:113::-;95576:7;95602:25;:16;:23;:25::i;:::-;95595:32;;95521:113;:::o;52715:240::-;52761:14;52778:12;:10;:12::i;:::-;52761:29;;52839:6;52821:24;;:14;:12;:14::i;:::-;:24;;;52800:112;;;;-1:-1:-1;;;52800:112:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;52922:26;52941:6;52922:18;:26::i;:::-;52715:240;:::o;95270:131::-;95336:4;95359:35;:16;95385:8;95359:25;:35::i;:::-;95352:42;95270:131;-1:-1:-1;;95270:131:0:o;49746:85::-;49792:7;49818:6;;;49746:85;:::o;98502:99::-;98578:16;;;;98502:99;:::o;93395:33::-;;;;:::o;97598:779::-;93997:16;;;;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;97727:26;97719:66:::1;;;::::0;;-1:-1:-1;;;97719:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97923:25;:16;:23;:25::i;:::-;97898:21;:50;;97877:129;;;::::0;;-1:-1:-1;;;97877:129:0;;::::1;;::::0;::::1;::::0;;;;;;;::::1;::::0;;;;;;;;;;;;;::::1;;98063:18;;98038:21;:43;;98017:121;;;::::0;;-1:-1:-1;;;98017:121:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;98182:18;::::0;;98210:42;;;;98267:103:::1;::::0;;;;;::::1;::::0;::::1;::::0;;;;;::::1;::::0;;;;;;;;;::::1;94055:1;97598:779:::0;:::o;98773:125::-;98839:7;98865:26;:16;98885:5;98865:19;:26::i;95841:409::-;49639:13;:11;:13::i;:::-;95970:32:::1;::::0;::::1;95949:111;;;::::0;;-1:-1:-1;;;95949:111:0;;::::1;;::::0;::::1;::::0;;;;;;;::::1;::::0;;;;;;;;;;;;;::::1;;96100:16;::::0;::::1;;96126:39;96146:18:::0;96126:19:::1;:39::i;:::-;96224:18;96180:63;;96203:19;96180:63;;;;;;;;;;;;49662:1;95841:409:::0;:::o;51792:99::-;51871:13;;;;51792:99;:::o;52084:214::-;49639:13;:11;:13::i;:::-;52209::::1;:24:::0;;;::::1;;::::0;::::1;::::0;;::::1;::::0;;;52273:7:::1;:5;:7::i;:::-;52248:43;;;;;;;;;;;;52084:214:::0;:::o;94777:278::-;93997:16;;;;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;94867:25:::1;::::0;::::1;94859:66;;;::::0;;-1:-1:-1;;;94859:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;94943:33;:16;94964:11:::0;94943:20:::1;:33::i;:::-;94935:70;;;::::0;;-1:-1:-1;;;94935:70:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;95020:28;::::0;::::1;::::0;::::1;::::0;::::1;::::0;;;::::1;94777:278:::0;:::o;50569:187::-;50642:16;50661:6;;;50677:17;;;;;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;85176:150::-;85246:4;85269:50;85274:3;85294:23;;;85269:4;:50::i;:::-;85262:57;85176:150;-1:-1:-1;;;85176:150:0:o;85494:156::-;85567:4;85590:53;85598:3;85618:23;;;85590:7;:53::i;85977:115::-;86040:7;86066:19;86074:3;86066:7;:19::i;47973:104::-;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;;;;;52594:34;52619:8;52594:24;:34::i;85731:165::-;85811:4;85834:55;85844:3;85864:23;;;85834:9;:55::i;86424:156::-;86498:7;86548:22;86552:3;86564:5;86548:3;:22::i;49904:130::-;49978:12;:10;:12::i;:::-;49967:23;;:7;:5;:7::i;:::-;:23;;;49959:68;;;;;-1:-1:-1;;;49959:68:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;49904:130::o;99082:122::-;99159:16;:38;;;;;;;;;;;;;;;99082:122::o;80387:404::-;80450:4;80471:21;80481:3;80486:5;80471:9;:21::i;:::-;80466:319;;-1:-1:-1;80508:23:0;;;;;;;;:11;:23;;;;;;;;;;;;;80688:18;;80666:19;;;:12;;;:19;;;;;;:40;;;;80720:11;;80466:319;-1:-1:-1;80769:5:0;80762:12;;80959:1512;81025:4;81162:19;;;:12;;;:19;;;;;;81196:15;;81192:1273;;81625:18;;81577:14;;;;;81625:22;;;;81553:21;;81625:3;;:22;;81907;;;;;;;;;;;;;;81887:42;;82050:9;82021:3;:11;;82033:13;82021:26;;;;;;;;;;;;;;;;;;;:38;;;;82125:23;;;82167:1;82125:12;;;:23;;;;;;82151:17;;;82125:43;;82274:17;;82125:3;;82274:17;;;;;;;;;;;;;;;;;;;;;;82366:3;:12;;:19;82379:5;82366:19;;;;;;;;;;;82359:26;;;82407:4;82400:11;;;;;;;;81192:1273;82449:5;82442:12;;;;;82760:107;82842:18;;82760:107::o;82552:127::-;82625:4;82648:19;;;:12;;;;;:19;;;;;;:24;;;82552:127::o;83199:201::-;83293:18;;83266:7;;83293:26;-1:-1:-1;83285:73:0;;;;-1:-1:-1;;;83285:73:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;83375:3;:11;;83387:5;83375:18;;;;;;;;;;;;;;;;83368:25;;83199:201;;;;:::o","abiDefinition":[{"inputs":[{"internalType":"address","name":"attester","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"attester","type":"address"}],"name":"AttesterDisabled","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"attester","type":"address"}],"name":"AttesterEnabled","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousAttesterManager","type":"address"},{"indexed":true,"internalType":"address","name":"newAttesterManager","type":"address"}],"name":"AttesterManagerUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"oldSignatureThreshold","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"newSignatureThreshold","type":"uint256"}],"name":"SignatureThresholdUpdated","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"attesterManager","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"attester","type":"address"}],"name":"disableAttester","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newAttester","type":"address"}],"name":"enableAttester","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"index","type":"uint256"}],"name":"getEnabledAttester","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getNumEnabledAttesters","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"attester","type":"address"}],"name":"isEnabledAttester","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint256","name":"newSignatureThreshold","type":"uint256"}],"name":"setSignatureThreshold","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"signatureThreshold","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newAttesterManager","type":"address"}],"name":"updateAttesterManager","outputs":[],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"events":{"AttesterDisabled(address)":{"notice":"Emitted when an attester is disabled"},"AttesterEnabled(address)":{"notice":"Emitted when an attester is enabled"},"SignatureThresholdUpdated(uint256,uint256)":{"notice":"Emitted when threshold number of attestations (m in m/n multisig) is updated"}},"kind":"user","methods":{"disableAttester(address)":{"notice":"Disables an attester"},"enableAttester(address)":{"notice":"Enables an attester"},"getEnabledAttester(uint256)":{"notice":"gets enabled attester at given `index`"},"getNumEnabledAttesters()":{"notice":"returns the number of enabled attesters"},"isEnabledAttester(address)":{"notice":"returns true if given `attester` is enabled, else false"},"setSignatureThreshold(uint256)":{"notice":"Sets the threshold of signatures required to attest to a message. (This is the m in m/n multisig.)"}},"version":1},"developerDoc":{"events":{"AttesterDisabled(address)":{"params":{"attester":"newly disabled attester"}},"AttesterEnabled(address)":{"params":{"attester":"newly enabled attester"}},"AttesterManagerUpdated(address,address)":{"details":"Emitted when attester manager address is updated","params":{"newAttesterManager":"representing the address of the new attester manager","previousAttesterManager":"representing the address of the previous attester manager"}},"SignatureThresholdUpdated(uint256,uint256)":{"params":{"newSignatureThreshold":"new signature threshold","oldSignatureThreshold":"old signature threshold"}}},"kind":"dev","methods":{"acceptOwnership()":{"details":"The new owner accepts the ownership transfer."},"attesterManager()":{"details":"Returns the address of the attester manager","returns":{"_0":"address of the attester manager"}},"constructor":{"details":"The constructor sets the original attester manager of the contract to the sender account.","params":{"attester":"attester to initialize"}},"disableAttester(address)":{"details":"Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold. (Attester must be currently enabled.)","params":{"attester":"attester to disable"}},"enableAttester(address)":{"details":"Only callable by attesterManager. New attester must be nonzero, and currently disabled.","params":{"newAttester":"attester to enable"}},"getEnabledAttester(uint256)":{"params":{"index":"index of attester to check"},"returns":{"_0":"enabled attester at given `index`"}},"getNumEnabledAttesters()":{"returns":{"_0":"number of enabled attesters"}},"isEnabledAttester(address)":{"params":{"attester":"attester to check enabled status of"},"returns":{"_0":"true if given `attester` is enabled, else false"}},"owner()":{"details":"Returns the address of the current owner."},"pendingOwner()":{"details":"Returns the address of the pending owner."},"setSignatureThreshold(uint256)":{"details":"new signature threshold must be nonzero, and must not exceed number of enabled attesters.","params":{"newSignatureThreshold":"new signature threshold"}},"transferOwnership(address)":{"details":"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner."},"updateAttesterManager(address)":{"details":"Allows the current attester manager to transfer control of the contract to a newAttesterManager.","params":{"newAttesterManager":"The address to update attester manager to."}}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"AttesterDisabled\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"AttesterEnabled\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousAttesterManager\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newAttesterManager\",\"type\":\"address\"}],\"name\":\"AttesterManagerUpdated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferStarted\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"oldSignatureThreshold\",\"type\":\"uint256\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"newSignatureThreshold\",\"type\":\"uint256\"}],\"name\":\"SignatureThresholdUpdated\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"acceptOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"attesterManager\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"disableAttester\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newAttester\",\"type\":\"address\"}],\"name\":\"enableAttester\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"index\",\"type\":\"uint256\"}],\"name\":\"getEnabledAttester\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"getNumEnabledAttesters\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"isEnabledAttester\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pendingOwner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"newSignatureThreshold\",\"type\":\"uint256\"}],\"name\":\"setSignatureThreshold\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"signatureThreshold\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newAttesterManager\",\"type\":\"address\"}],\"name\":\"updateAttesterManager\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"events\":{\"AttesterDisabled(address)\":{\"params\":{\"attester\":\"newly disabled attester\"}},\"AttesterEnabled(address)\":{\"params\":{\"attester\":\"newly enabled attester\"}},\"AttesterManagerUpdated(address,address)\":{\"details\":\"Emitted when attester manager address is updated\",\"params\":{\"newAttesterManager\":\"representing the address of the new attester manager\",\"previousAttesterManager\":\"representing the address of the previous attester manager\"}},\"SignatureThresholdUpdated(uint256,uint256)\":{\"params\":{\"newSignatureThreshold\":\"new signature threshold\",\"oldSignatureThreshold\":\"old signature threshold\"}}},\"kind\":\"dev\",\"methods\":{\"acceptOwnership()\":{\"details\":\"The new owner accepts the ownership transfer.\"},\"attesterManager()\":{\"details\":\"Returns the address of the attester manager\",\"returns\":{\"_0\":\"address of the attester manager\"}},\"constructor\":{\"details\":\"The constructor sets the original attester manager of the contract to the sender account.\",\"params\":{\"attester\":\"attester to initialize\"}},\"disableAttester(address)\":{\"details\":\"Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold. (Attester must be currently enabled.)\",\"params\":{\"attester\":\"attester to disable\"}},\"enableAttester(address)\":{\"details\":\"Only callable by attesterManager. New attester must be nonzero, and currently disabled.\",\"params\":{\"newAttester\":\"attester to enable\"}},\"getEnabledAttester(uint256)\":{\"params\":{\"index\":\"index of attester to check\"},\"returns\":{\"_0\":\"enabled attester at given `index`\"}},\"getNumEnabledAttesters()\":{\"returns\":{\"_0\":\"number of enabled attesters\"}},\"isEnabledAttester(address)\":{\"params\":{\"attester\":\"attester to check enabled status of\"},\"returns\":{\"_0\":\"true if given `attester` is enabled, else false\"}},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"pendingOwner()\":{\"details\":\"Returns the address of the pending owner.\"},\"setSignatureThreshold(uint256)\":{\"details\":\"new signature threshold must be nonzero, and must not exceed number of enabled attesters.\",\"params\":{\"newSignatureThreshold\":\"new signature threshold\"}},\"transferOwnership(address)\":{\"details\":\"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner.\"},\"updateAttesterManager(address)\":{\"details\":\"Allows the current attester manager to transfer control of the contract to a newAttesterManager.\",\"params\":{\"newAttesterManager\":\"The address to update attester manager to.\"}}},\"version\":1},\"userdoc\":{\"events\":{\"AttesterDisabled(address)\":{\"notice\":\"Emitted when an attester is disabled\"},\"AttesterEnabled(address)\":{\"notice\":\"Emitted when an attester is enabled\"},\"SignatureThresholdUpdated(uint256,uint256)\":{\"notice\":\"Emitted when threshold number of attestations (m in m/n multisig) is updated\"}},\"kind\":\"user\",\"methods\":{\"disableAttester(address)\":{\"notice\":\"Disables an attester\"},\"enableAttester(address)\":{\"notice\":\"Enables an attester\"},\"getEnabledAttester(uint256)\":{\"notice\":\"gets enabled attester at given `index`\"},\"getNumEnabledAttesters()\":{\"notice\":\"returns the number of enabled attesters\"},\"isEnabledAttester(address)\":{\"notice\":\"returns true if given `attester` is enabled, else false\"},\"setSignatureThreshold(uint256)\":{\"notice\":\"Sets the threshold of signatures required to attest to a message. (This is the m in m/n multisig.)\"}},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Attestable\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"acceptOwnership()":"79ba5097","attesterManager()":"9b0d94b7","disableAttester(address)":"2d025080","enableAttester(address)":"fae36879","getEnabledAttester(uint256)":"beb673d8","getNumEnabledAttesters()":"51079a53","isEnabledAttester(address)":"7af82f60","owner()":"8da5cb5b","pendingOwner()":"e30c3978","setSignatureThreshold(uint256)":"bbde5374","signatureThreshold()":"a82f2e26","transferOwnership(address)":"f2fde38b","updateAttesterManager(address)":"de7769d4"}},"/solidity/MessageTransmitter.sol:Context":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Context\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:ECDSA":{"code":"0x60566023600b82828239805160001a607314601657fe5b30600052607381538281f3fe73000000000000000000000000000000000000000030146080604052600080fdfea26469706673582212200a7b516bf5eddb7944fe18e5df7b8aa4bb3648fc7ef05cc98b893dd073c4af2264736f6c63430007060033","runtime-code":"0x73000000000000000000000000000000000000000030146080604052600080fdfea26469706673582212200a7b516bf5eddb7944fe18e5df7b8aa4bb3648fc7ef05cc98b893dd073c4af2264736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"88341:3633:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"88341:3633:0:-:0;;;;;;;;","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Elliptic Curve Digital Signature Algorithm (ECDSA) operations. These functions can be used to verify that a message was signed by the holder of the private keys of a given address.","kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"details\":\"Elliptic Curve Digital Signature Algorithm (ECDSA) operations. These functions can be used to verify that a message was signed by the holder of the private keys of a given address.\",\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"ECDSA\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:EnumerableSet":{"code":"0x60566023600b82828239805160001a607314601657fe5b30600052607381538281f3fe73000000000000000000000000000000000000000030146080604052600080fdfea264697066735822122083242fa2568cfd593e8dd04016b3ebeb588aa88031a6347dada2680fdcc4a96264736f6c63430007060033","runtime-code":"0x73000000000000000000000000000000000000000030146080604052600080fdfea264697066735822122083242fa2568cfd593e8dd04016b3ebeb588aa88031a6347dada2680fdcc4a96264736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"79500:8633:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"79500:8633:0:-:0;;;;;;;;","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Library for managing https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive types. Sets have the following properties: - Elements are added, removed, and checked for existence in constant time (O(1)). - Elements are enumerated in O(n). No guarantees are made on the ordering. ``` contract Example { // Add the library methods using EnumerableSet for EnumerableSet.AddressSet; // Declare a set state variable EnumerableSet.AddressSet private mySet; } ``` As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`) and `uint256` (`UintSet`) are supported.","kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"details\":\"Library for managing https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive types. Sets have the following properties: - Elements are added, removed, and checked for existence in constant time (O(1)). - Elements are enumerated in O(n). No guarantees are made on the ordering. ``` contract Example { // Add the library methods using EnumerableSet for EnumerableSet.AddressSet; // Declare a set state variable EnumerableSet.AddressSet private mySet; } ``` As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`) and `uint256` (`UintSet`) are supported.\",\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"EnumerableSet\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:IERC20":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"owner","type":"address"},{"indexed":true,"internalType":"address","name":"spender","type":"address"},{"indexed":false,"internalType":"uint256","name":"value","type":"uint256"}],"name":"Approval","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"from","type":"address"},{"indexed":true,"internalType":"address","name":"to","type":"address"},{"indexed":false,"internalType":"uint256","name":"value","type":"uint256"}],"name":"Transfer","type":"event"},{"inputs":[{"internalType":"address","name":"owner","type":"address"},{"internalType":"address","name":"spender","type":"address"}],"name":"allowance","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"spender","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"approve","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"account","type":"address"}],"name":"balanceOf","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"totalSupply","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"transfer","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"sender","type":"address"},{"internalType":"address","name":"recipient","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"transferFrom","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Interface of the ERC20 standard as defined in the EIP.","events":{"Approval(address,address,uint256)":{"details":"Emitted when the allowance of a `spender` for an `owner` is set by a call to {approve}. `value` is the new allowance."},"Transfer(address,address,uint256)":{"details":"Emitted when `value` tokens are moved from one account (`from`) to another (`to`). Note that `value` may be zero."}},"kind":"dev","methods":{"allowance(address,address)":{"details":"Returns the remaining number of tokens that `spender` will be allowed to spend on behalf of `owner` through {transferFrom}. This is zero by default. This value changes when {approve} or {transferFrom} are called."},"approve(address,uint256)":{"details":"Sets `amount` as the allowance of `spender` over the caller's tokens. Returns a boolean value indicating whether the operation succeeded. IMPORTANT: Beware that changing an allowance with this method brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 Emits an {Approval} event."},"balanceOf(address)":{"details":"Returns the amount of tokens owned by `account`."},"totalSupply()":{"details":"Returns the amount of tokens in existence."},"transfer(address,uint256)":{"details":"Moves `amount` tokens from the caller's account to `recipient`. Returns a boolean value indicating whether the operation succeeded. Emits a {Transfer} event."},"transferFrom(address,address,uint256)":{"details":"Moves `amount` tokens from `sender` to `recipient` using the allowance mechanism. `amount` is then deducted from the caller's allowance. Returns a boolean value indicating whether the operation succeeded. Emits a {Transfer} event."}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"owner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"value\",\"type\":\"uint256\"}],\"name\":\"Approval\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"from\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"to\",\"type\":\"address\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"value\",\"type\":\"uint256\"}],\"name\":\"Transfer\",\"type\":\"event\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"owner\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"}],\"name\":\"allowance\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"spender\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"approve\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"account\",\"type\":\"address\"}],\"name\":\"balanceOf\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"totalSupply\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"transfer\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"sender\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"recipient\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"transferFrom\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"Interface of the ERC20 standard as defined in the EIP.\",\"events\":{\"Approval(address,address,uint256)\":{\"details\":\"Emitted when the allowance of a `spender` for an `owner` is set by a call to {approve}. `value` is the new allowance.\"},\"Transfer(address,address,uint256)\":{\"details\":\"Emitted when `value` tokens are moved from one account (`from`) to another (`to`). Note that `value` may be zero.\"}},\"kind\":\"dev\",\"methods\":{\"allowance(address,address)\":{\"details\":\"Returns the remaining number of tokens that `spender` will be allowed to spend on behalf of `owner` through {transferFrom}. This is zero by default. This value changes when {approve} or {transferFrom} are called.\"},\"approve(address,uint256)\":{\"details\":\"Sets `amount` as the allowance of `spender` over the caller's tokens. Returns a boolean value indicating whether the operation succeeded. IMPORTANT: Beware that changing an allowance with this method brings the risk that someone may use both the old and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards: https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 Emits an {Approval} event.\"},\"balanceOf(address)\":{\"details\":\"Returns the amount of tokens owned by `account`.\"},\"totalSupply()\":{\"details\":\"Returns the amount of tokens in existence.\"},\"transfer(address,uint256)\":{\"details\":\"Moves `amount` tokens from the caller's account to `recipient`. Returns a boolean value indicating whether the operation succeeded. Emits a {Transfer} event.\"},\"transferFrom(address,address,uint256)\":{\"details\":\"Moves `amount` tokens from `sender` to `recipient` using the allowance mechanism. `amount` is then deducted from the caller's allowance. Returns a boolean value indicating whether the operation succeeded. Emits a {Transfer} event.\"}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"IERC20\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"allowance(address,address)":"dd62ed3e","approve(address,uint256)":"095ea7b3","balanceOf(address)":"70a08231","totalSupply()":"18160ddd","transfer(address,uint256)":"a9059cbb","transferFrom(address,address,uint256)":"23b872dd"}},"/solidity/MessageTransmitter.sol:IMessageHandler":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"inputs":[{"internalType":"uint32","name":"sourceDomain","type":"uint32"},{"internalType":"bytes32","name":"sender","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"handleReceiveMessage","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"handleReceiveMessage(uint32,bytes32,bytes)":{"notice":"handles an incoming message from a Receiver"}},"notice":"Handles messages on destination domain forwarded from an IReceiver","version":1},"developerDoc":{"kind":"dev","methods":{"handleReceiveMessage(uint32,bytes32,bytes)":{"params":{"messageBody":"The message raw bytes","sender":"the sender of the message","sourceDomain":"the source domain of the message"},"returns":{"_0":"success bool, true if successful"}}},"title":"IMessageHandler","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"sourceDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"sender\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"handleReceiveMessage\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"kind\":\"dev\",\"methods\":{\"handleReceiveMessage(uint32,bytes32,bytes)\":{\"params\":{\"messageBody\":\"The message raw bytes\",\"sender\":\"the sender of the message\",\"sourceDomain\":\"the source domain of the message\"},\"returns\":{\"_0\":\"success bool, true if successful\"}}},\"title\":\"IMessageHandler\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"handleReceiveMessage(uint32,bytes32,bytes)\":{\"notice\":\"handles an incoming message from a Receiver\"}},\"notice\":\"Handles messages on destination domain forwarded from an IReceiver\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"IMessageHandler\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"handleReceiveMessage(uint32,bytes32,bytes)":"96abeb70"}},"/solidity/MessageTransmitter.sol:IMessageTransmitter":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"inputs":[{"internalType":"bytes","name":"message","type":"bytes"},{"internalType":"bytes","name":"signature","type":"bytes"}],"name":"receiveMessage","outputs":[{"internalType":"bool","name":"success","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes","name":"originalMessage","type":"bytes"},{"internalType":"bytes","name":"originalAttestation","type":"bytes"},{"internalType":"bytes","name":"newMessageBody","type":"bytes"},{"internalType":"bytes32","name":"newDestinationCaller","type":"bytes32"}],"name":"replaceMessage","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessage","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes32","name":"destinationCaller","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessageWithCaller","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"receiveMessage(bytes,bytes)":{"notice":"Receives an incoming message, validating the header and passing the body to application-specific handler."},"replaceMessage(bytes,bytes,bytes,bytes32)":{"notice":"Replace a message with a new message body and/or destination caller."},"sendMessage(uint32,bytes32,bytes)":{"notice":"Sends an outgoing message from the source domain."},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"notice":"Sends an outgoing message from the source domain, with a specified caller on the destination domain."}},"notice":"Interface for message transmitters, which both relay and receive messages.","version":1},"developerDoc":{"kind":"dev","methods":{"receiveMessage(bytes,bytes)":{"params":{"message":"The message raw bytes","signature":"The message signature"},"returns":{"success":"bool, true if successful"}},"replaceMessage(bytes,bytes,bytes,bytes32)":{"details":"The `originalAttestation` must be a valid attestation of `originalMessage`.","params":{"newDestinationCaller":"the new destination caller","newMessageBody":"new message body of replaced message","originalAttestation":"attestation of `originalMessage`","originalMessage":"original message to replace"}},"sendMessage(uint32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information.","params":{"destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination domain as bytes32"},"returns":{"_0":"nonce reserved by message"}},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.","params":{"destinationCaller":"caller on the destination domain, as bytes32","destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination domain as bytes32"},"returns":{"_0":"nonce reserved by message"}}},"title":"IMessageTransmitter","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"signature\",\"type\":\"bytes\"}],\"name\":\"receiveMessage\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"success\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"originalMessage\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"originalAttestation\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"newMessageBody\",\"type\":\"bytes\"},{\"internalType\":\"bytes32\",\"name\":\"newDestinationCaller\",\"type\":\"bytes32\"}],\"name\":\"replaceMessage\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessage\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes32\",\"name\":\"destinationCaller\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessageWithCaller\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"kind\":\"dev\",\"methods\":{\"receiveMessage(bytes,bytes)\":{\"params\":{\"message\":\"The message raw bytes\",\"signature\":\"The message signature\"},\"returns\":{\"success\":\"bool, true if successful\"}},\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"details\":\"The `originalAttestation` must be a valid attestation of `originalMessage`.\",\"params\":{\"newDestinationCaller\":\"the new destination caller\",\"newMessageBody\":\"new message body of replaced message\",\"originalAttestation\":\"attestation of `originalMessage`\",\"originalMessage\":\"original message to replace\"}},\"sendMessage(uint32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information.\",\"params\":{\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination domain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.\",\"params\":{\"destinationCaller\":\"caller on the destination domain, as bytes32\",\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination domain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}}},\"title\":\"IMessageTransmitter\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"receiveMessage(bytes,bytes)\":{\"notice\":\"Receives an incoming message, validating the header and passing the body to application-specific handler.\"},\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"notice\":\"Replace a message with a new message body and/or destination caller.\"},\"sendMessage(uint32,bytes32,bytes)\":{\"notice\":\"Sends an outgoing message from the source domain.\"},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"notice\":\"Sends an outgoing message from the source domain, with a specified caller on the destination domain.\"}},\"notice\":\"Interface for message transmitters, which both relay and receive messages.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"IMessageTransmitter\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"receiveMessage(bytes,bytes)":"57ecfd28","replaceMessage(bytes,bytes,bytes,bytes32)":"b857b774","sendMessage(uint32,bytes32,bytes)":"0ba469bc","sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":"f7259a75"}},"/solidity/MessageTransmitter.sol:IReceiver":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"inputs":[{"internalType":"bytes","name":"message","type":"bytes"},{"internalType":"bytes","name":"signature","type":"bytes"}],"name":"receiveMessage","outputs":[{"internalType":"bool","name":"success","type":"bool"}],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"receiveMessage(bytes,bytes)":{"notice":"Receives an incoming message, validating the header and passing the body to application-specific handler."}},"notice":"Receives messages on destination chain and forwards them to IMessageDestinationHandler","version":1},"developerDoc":{"kind":"dev","methods":{"receiveMessage(bytes,bytes)":{"params":{"message":"The message raw bytes","signature":"The message signature"},"returns":{"success":"bool, true if successful"}}},"title":"IReceiver","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"signature\",\"type\":\"bytes\"}],\"name\":\"receiveMessage\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"success\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"kind\":\"dev\",\"methods\":{\"receiveMessage(bytes,bytes)\":{\"params\":{\"message\":\"The message raw bytes\",\"signature\":\"The message signature\"},\"returns\":{\"success\":\"bool, true if successful\"}}},\"title\":\"IReceiver\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"receiveMessage(bytes,bytes)\":{\"notice\":\"Receives an incoming message, validating the header and passing the body to application-specific handler.\"}},\"notice\":\"Receives messages on destination chain and forwards them to IMessageDestinationHandler\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"IReceiver\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"receiveMessage(bytes,bytes)":"57ecfd28"}},"/solidity/MessageTransmitter.sol:IRelayer":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"inputs":[{"internalType":"bytes","name":"originalMessage","type":"bytes"},{"internalType":"bytes","name":"originalAttestation","type":"bytes"},{"internalType":"bytes","name":"newMessageBody","type":"bytes"},{"internalType":"bytes32","name":"newDestinationCaller","type":"bytes32"}],"name":"replaceMessage","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessage","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes32","name":"destinationCaller","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessageWithCaller","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"replaceMessage(bytes,bytes,bytes,bytes32)":{"notice":"Replace a message with a new message body and/or destination caller."},"sendMessage(uint32,bytes32,bytes)":{"notice":"Sends an outgoing message from the source domain."},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"notice":"Sends an outgoing message from the source domain, with a specified caller on the destination domain."}},"notice":"Sends messages from source domain to destination domain","version":1},"developerDoc":{"kind":"dev","methods":{"replaceMessage(bytes,bytes,bytes,bytes32)":{"details":"The `originalAttestation` must be a valid attestation of `originalMessage`.","params":{"newDestinationCaller":"the new destination caller","newMessageBody":"new message body of replaced message","originalAttestation":"attestation of `originalMessage`","originalMessage":"original message to replace"}},"sendMessage(uint32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information.","params":{"destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination domain as bytes32"},"returns":{"_0":"nonce reserved by message"}},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.","params":{"destinationCaller":"caller on the destination domain, as bytes32","destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination domain as bytes32"},"returns":{"_0":"nonce reserved by message"}}},"title":"IRelayer","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"originalMessage\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"originalAttestation\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"newMessageBody\",\"type\":\"bytes\"},{\"internalType\":\"bytes32\",\"name\":\"newDestinationCaller\",\"type\":\"bytes32\"}],\"name\":\"replaceMessage\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessage\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes32\",\"name\":\"destinationCaller\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessageWithCaller\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"kind\":\"dev\",\"methods\":{\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"details\":\"The `originalAttestation` must be a valid attestation of `originalMessage`.\",\"params\":{\"newDestinationCaller\":\"the new destination caller\",\"newMessageBody\":\"new message body of replaced message\",\"originalAttestation\":\"attestation of `originalMessage`\",\"originalMessage\":\"original message to replace\"}},\"sendMessage(uint32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information.\",\"params\":{\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination domain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.\",\"params\":{\"destinationCaller\":\"caller on the destination domain, as bytes32\",\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination domain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}}},\"title\":\"IRelayer\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"notice\":\"Replace a message with a new message body and/or destination caller.\"},\"sendMessage(uint32,bytes32,bytes)\":{\"notice\":\"Sends an outgoing message from the source domain.\"},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"notice\":\"Sends an outgoing message from the source domain, with a specified caller on the destination domain.\"}},\"notice\":\"Sends messages from source domain to destination domain\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"IRelayer\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"replaceMessage(bytes,bytes,bytes,bytes32)":"b857b774","sendMessage(uint32,bytes32,bytes)":"0ba469bc","sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":"f7259a75"}},"/solidity/MessageTransmitter.sol:Message":{"code":"0x610119610026600b82828239805160001a60731461001957fe5b30600052607381538281f3fe7300000000000000000000000000000000000000003014608060405260043610603d5760003560e01c80635ced058e14604257806382c947b7146085575b600080fd5b605c60048036036020811015605657600080fd5b503560c7565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b60b560048036036020811015609957600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1660ca565b60408051918252519081900360200190f35b90565b73ffffffffffffffffffffffffffffffffffffffff169056fea264697066735822122016096abc2c134d24a08f7ea8ec23179b7ba94fbed82239438af7360b92c1c2b564736f6c63430007060033","runtime-code":"0x7300000000000000000000000000000000000000003014608060405260043610603d5760003560e01c80635ced058e14604257806382c947b7146085575b600080fd5b605c60048036036020811015605657600080fd5b503560c7565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b60b560048036036020811015609957600080fd5b503573ffffffffffffffffffffffffffffffffffffffff1660ca565b60408051918252519081900360200190f35b90565b73ffffffffffffffffffffffffffffffffffffffff169056fea264697066735822122016096abc2c134d24a08f7ea8ec23179b7ba94fbed82239438af7360b92c1c2b564736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"40892:4687:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"40892:4687:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;45069:125;;;;;;;;;;;;;;;;-1:-1:-1;45069:125:0;;:::i;:::-;;;;;;;;;;;;;;;;;;;44588:127;;;;;;;;;;;;;;;;-1:-1:-1;44588:127:0;;;;:::i;:::-;;;;;;;;;;;;;;;;45069:125;45180:4;45069:125::o;44588:127::-;44685:22;;;44588:127::o","abiDefinition":[{"inputs":[{"internalType":"address","name":"addr","type":"address"}],"name":"addressToBytes32","outputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"stateMutability":"pure","type":"function"},{"inputs":[{"internalType":"bytes32","name":"_buf","type":"bytes32"}],"name":"bytes32ToAddress","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"pure","type":"function"}],"userDoc":{"kind":"user","methods":{"addressToBytes32(address)":{"notice":"converts address to bytes32 (alignment preserving cast.)"},"bytes32ToAddress(bytes32)":{"notice":"converts bytes32 to address (alignment preserving cast.)"}},"notice":"Library for formatted messages used by Relayer and Receiver.","version":1},"developerDoc":{"details":"The message body is dynamically-sized to support custom message body formats. Other fields must be fixed-size to avoid hash collisions. Each other input value has an explicit type to guarantee fixed-size. Padding: uintNN fields are left-padded, and bytesNN fields are right-padded. Field Bytes Type Index version 4 uint32 0 sourceDomain 4 uint32 4 destinationDomain 4 uint32 8 nonce 8 uint64 12 sender 32 bytes32 20 recipient 32 bytes32 52 destinationCaller 32 bytes32 84 messageBody dynamic bytes 116*","kind":"dev","methods":{"addressToBytes32(address)":{"params":{"addr":"the address to convert to bytes32"}},"bytes32ToAddress(bytes32)":{"details":"Warning: it is possible to have different input values _buf map to the same address. For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.","params":{"_buf":"the bytes32 to convert to address"}}},"title":"Message Library","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"address\",\"name\":\"addr\",\"type\":\"address\"}],\"name\":\"addressToBytes32\",\"outputs\":[{\"internalType\":\"bytes32\",\"name\":\"\",\"type\":\"bytes32\"}],\"stateMutability\":\"pure\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"bytes32\",\"name\":\"_buf\",\"type\":\"bytes32\"}],\"name\":\"bytes32ToAddress\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"pure\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"The message body is dynamically-sized to support custom message body formats. Other fields must be fixed-size to avoid hash collisions. Each other input value has an explicit type to guarantee fixed-size. Padding: uintNN fields are left-padded, and bytesNN fields are right-padded. Field Bytes Type Index version 4 uint32 0 sourceDomain 4 uint32 4 destinationDomain 4 uint32 8 nonce 8 uint64 12 sender 32 bytes32 20 recipient 32 bytes32 52 destinationCaller 32 bytes32 84 messageBody dynamic bytes 116*\",\"kind\":\"dev\",\"methods\":{\"addressToBytes32(address)\":{\"params\":{\"addr\":\"the address to convert to bytes32\"}},\"bytes32ToAddress(bytes32)\":{\"details\":\"Warning: it is possible to have different input values _buf map to the same address. For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\",\"params\":{\"_buf\":\"the bytes32 to convert to address\"}}},\"title\":\"Message Library\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"addressToBytes32(address)\":{\"notice\":\"converts address to bytes32 (alignment preserving cast.)\"},\"bytes32ToAddress(bytes32)\":{\"notice\":\"converts bytes32 to address (alignment preserving cast.)\"}},\"notice\":\"Library for formatted messages used by Relayer and Receiver.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Message\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"addressToBytes32(address)":"82c947b7","bytes32ToAddress(bytes32)":"5ced058e"}},"/solidity/MessageTransmitter.sol:MessageTransmitter":{"code":"0x60c06040526002805460ff60a01b191690553480156200001e57600080fd5b5060405162003cb738038062003cb7833981810160405260808110156200004457600080fd5b508051602082015160408301516060909301519192909182620000706200006a620000bb565b620000bf565b6200007b33620000e9565b60016004556200008b816200010b565b506001600160e01b031960e094851b811660805263ffffffff9290921660085590921b90911660a0525062000342565b3390565b600180546001600160a01b0319169055620000e6816200026b602090811b62001dbb17901c565b50565b600780546001600160a01b0319166001600160a01b0392909216919091179055565b6007546001600160a01b031633146200016b576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6001600160a01b038116620001c7576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b620001e2816005620002bb60201b62001e231790919060201c565b62000234576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b6040516001600160a01b038216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6000620002d2836001600160a01b038416620002db565b90505b92915050565b6000620002e983836200032a565b6200032157508154600181810184556000848152602080822090930184905584548482528286019093526040902091909155620002d5565b506000620002d5565b60009081526001919091016020526040902054151590565b60805160e01c60a05160e01c6139326200038560003980610bac5280610efb5280611f33525080610d605280611481528061173d5280611f5452506139326000f3fe608060405234801561001057600080fd5b50600436106101e55760003560e01c80638da5cb5b1161010f578063bbde5374116100a2578063f2fde38b11610071578063f2fde38b1461067f578063f7259a75146106a5578063fae368791461072e578063feb6172414610754576101e5565b8063bbde537414610617578063beb673d814610634578063de7769d414610651578063e30c397814610677576101e5565b8063a82f2e26116100de578063a82f2e26146104bd578063af47b9bb146104c5578063b2118a8d146104cd578063b857b77414610503576101e5565b80638da5cb5b1461048857806392492c68146104905780639b0d94b7146104ad5780639fd0506d146104b5576101e5565b8063554bab3c116101875780637af82f60116101565780637af82f601461044a5780638371744e146104705780638456cb59146104785780638d3638f414610480576101e5565b8063554bab3c1461033e57806357ecfd28146103645780635c975abb1461043a57806379ba509714610442576101e5565b806338a63183116101c357806338a63183146102d75780633f4ba83a146102fb57806351079a531461030357806354fd4d501461031d576101e5565b80630ba469bc146101ea5780632ab60045146102895780632d025080146102b1575b600080fd5b61026c6004803603606081101561020057600080fd5b63ffffffff8235169160208101359181019060608101604082013564010000000081111561022d57600080fd5b82018360208201111561023f57600080fd5b8035906020019184600183028401116401000000008311171561026157600080fd5b509092509050610771565b6040805167ffffffffffffffff9092168252519081900360200190f35b6102af6004803603602081101561029f57600080fd5b50356001600160a01b0316610895565b005b6102af600480360360208110156102c757600080fd5b50356001600160a01b0316610944565b6102df610aee565b604080516001600160a01b039092168252519081900360200190f35b6102af610afd565b61030b610b99565b60408051918252519081900360200190f35b610325610baa565b6040805163ffffffff9092168252519081900360200190f35b6102af6004803603602081101561035457600080fd5b50356001600160a01b0316610bce565b6104266004803603604081101561037a57600080fd5b81019060208101813564010000000081111561039557600080fd5b8201836020820111156103a757600080fd5b803590602001918460018302840111640100000000831117156103c957600080fd5b9193909290916020810190356401000000008111156103e757600080fd5b8201836020820111156103f957600080fd5b8035906020019184600183028401116401000000008311171561041b57600080fd5b509092509050610c83565b604080519115158252519081900360200190f35b610426611317565b6102af611338565b6104266004803603602081101561046057600080fd5b50356001600160a01b03166113a7565b61026c6113bc565b6102af6113cc565b61032561147f565b6102df6114a3565b6102af600480360360208110156104a657600080fd5b50356114b2565b6102df6114f5565b6102df611504565b61030b611513565b61030b611519565b6102af600480360360608110156104e357600080fd5b506001600160a01b0381358116916020810135909116906040013561151f565b6102af6004803603608081101561051957600080fd5b81019060208101813564010000000081111561053457600080fd5b82018360208201111561054657600080fd5b8035906020019184600183028401116401000000008311171561056857600080fd5b91939092909160208101903564010000000081111561058657600080fd5b82018360208201111561059857600080fd5b803590602001918460018302840111640100000000831117156105ba57600080fd5b9193909290916020810190356401000000008111156105d857600080fd5b8201836020820111156105ea57600080fd5b8035906020019184600183028401116401000000008311171561060c57600080fd5b919350915035611581565b6102af6004803603602081101561062d57600080fd5b50356117fc565b6102df6004803603602081101561064a57600080fd5b50356119a9565b6102af6004803603602081101561066757600080fd5b50356001600160a01b03166119b6565b6102df611a72565b6102af6004803603602081101561069557600080fd5b50356001600160a01b0316611a81565b61026c600480360360808110156106bb57600080fd5b63ffffffff82351691602081013591604082013591908101906080810160608201356401000000008111156106ef57600080fd5b82018360208201111561070157600080fd5b8035906020019184600183028401116401000000008311171561072357600080fd5b509092509050611aff565b6102af6004803603602081101561074457600080fd5b50356001600160a01b0316611c5c565b61030b6004803603602081101561076a57600080fd5b5035611da9565b60025460009074010000000000000000000000000000000000000000900460ff16156107e4576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b6000806107ef611e41565b9050600073__$287656b8b950fc4c24b77afe782f2d94b1$__6382c947b7336040518263ffffffff1660e01b815260040180826001600160a01b0316815260200191505060206040518083038186803b15801561084b57600080fd5b505af415801561085f573d6000803e3d6000fd5b505050506040513d602081101561087557600080fd5b5051905061088888888584868b8b611e83565b509150505b949350505050565b61089d612059565b6001600160a01b0381166108e25760405162461bcd60e51b815260040180806020018281038252602a8152602001806136c9602a913960400191505060405180910390fd5b600380547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0383169081179091556040517fe475e580d85111348e40d8ca33cfdd74c30fe1655c2d8537a13abc10065ffa5a90600090a250565b6007546001600160a01b031633146109a3576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b60006109ad610b99565b905060018111610a04576040805162461bcd60e51b815260206004820152601960248201527f546f6f2066657720656e61626c65642061747465737465727300000000000000604482015290519081900360640190fd5b6004548111610a5a576040805162461bcd60e51b815260206004820152601e60248201527f5369676e6174757265207468726573686f6c6420697320746f6f206c6f770000604482015290519081900360640190fd5b610a656005836120cf565b610ab6576040805162461bcd60e51b815260206004820152601960248201527f417474657374657220616c72656164792064697361626c656400000000000000604482015290519081900360640190fd5b6040516001600160a01b038316907f78e573a18c75957b7cadaab01511aa1c19a659f06ecf53e01de37ed92d3261fc90600090a25050565b6003546001600160a01b031690565b6002546001600160a01b03163314610b465760405162461bcd60e51b81526004018080602001828103825260228152602001806138296022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff1690556040517f7805862f689e2f13df9f062ff482ad3ad112aca9e0847911ed832e158c525b3390600090a1565b6000610ba560056120e4565b905090565b7f000000000000000000000000000000000000000000000000000000000000000081565b610bd6612059565b6001600160a01b038116610c1b5760405162461bcd60e51b81526004018080602001828103825260288152602001806136566028913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0383811691909117918290556040519116907fb80482a293ca2e013eda8683c9bd7fc8347cfdaeea5ede58cba46df502c2a60490600090a250565b60025460009074010000000000000000000000000000000000000000900460ff1615610cf6576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b610d02858585856120ef565b6000610d48600087878080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525092939250506122a49050565b9050610d5962ffffff1982166122c8565b63ffffffff7f000000000000000000000000000000000000000000000000000000000000000016610d8f62ffffff19831661239a565b63ffffffff1614610de7576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c69642064657374696e6174696f6e20646f6d61696e000000000000604482015290519081900360640190fd5b6000610df862ffffff1983166123af565b14610ef457604080517f82c947b7000000000000000000000000000000000000000000000000000000008152336004820152905173__$287656b8b950fc4c24b77afe782f2d94b1$__916382c947b7916024808301926020929190829003018186803b158015610e6757600080fd5b505af4158015610e7b573d6000803e3d6000fd5b505050506040513d6020811015610e9157600080fd5b5051610ea262ffffff1983166123af565b14610ef4576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c69642063616c6c657220666f72206d657373616765000000000000604482015290519081900360640190fd5b63ffffffff7f000000000000000000000000000000000000000000000000000000000000000016610f2a62ffffff1983166123c4565b63ffffffff1614610f82576040805162461bcd60e51b815260206004820152601760248201527f496e76616c6964206d6573736167652076657273696f6e000000000000000000604482015290519081900360640190fd5b6000610f9362ffffff1983166123d8565b90506000610fa662ffffff1984166123ec565b90506000610fb48383612401565b6000818152600a602052604090205490915015611018576040805162461bcd60e51b815260206004820152601260248201527f4e6f6e636520616c726561647920757365640000000000000000000000000000604482015290519081900360640190fd5b6000818152600a602052604081206001905561103962ffffff19861661247c565b9050600061105a61104f62ffffff198816612491565b62ffffff19166124c8565b905073__$287656b8b950fc4c24b77afe782f2d94b1$__635ced058e61108562ffffff19891661250c565b6040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b1580156110b957600080fd5b505af41580156110cd573d6000803e3d6000fd5b505050506040513d60208110156110e357600080fd5b50516040517f96abeb7000000000000000000000000000000000000000000000000000000000815263ffffffff871660048201908152602482018590526060604483019081528451606484015284516001600160a01b03909416936396abeb70938a938893889391929091608490910190602085019080838360005b8381101561117757818101518382015260200161115f565b50505050905090810190601f1680156111a45780820380516001836020036101000a031916815260200191505b50945050505050602060405180830381600087803b1580156111c557600080fd5b505af11580156111d9573d6000803e3d6000fd5b505050506040513d60208110156111ef57600080fd5b5051611242576040805162461bcd60e51b815260206004820152601d60248201527f68616e646c65526563656976654d6573736167652829206661696c6564000000604482015290519081900360640190fd5b8367ffffffffffffffff16336001600160a01b03167f58200b4c34ae05ee816d710053fff3fb75af4395915d3d2a771b24aa10e3cc5d878585604051808463ffffffff16815260200183815260200180602001828103825283818151815260200191508051906020019080838360005b838110156112ca5781810151838201526020016112b2565b50505050905090810190601f1680156112f75780820380516001836020036101000a031916815260200191505b5094505050505060405180910390a35060019a9950505050505050505050565b60025474010000000000000000000000000000000000000000900460ff1681565b6000611342612521565b9050806001600160a01b0316611356611a72565b6001600160a01b03161461139b5760405162461bcd60e51b81526004018080602001828103825260298152602001806136a06029913960400191505060405180910390fd5b6113a481612525565b50565b60006113b4600583612556565b90505b919050565b60095467ffffffffffffffff1681565b6002546001600160a01b031633146114155760405162461bcd60e51b81526004018080602001828103825260228152602001806138296022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff16740100000000000000000000000000000000000000001790556040517f6985a02210a168e66602d3235cb6db0e70f92b3ba4d376a33c0f3d9434bff62590600090a1565b7f000000000000000000000000000000000000000000000000000000000000000081565b6000546001600160a01b031690565b6114ba612059565b60088190556040805182815290517fb13bf6bebed03d1b318e3ea32e4b2a3ad9f5e2312cdf340a2f4bbfaee39f928d9181900360200190a150565b6007546001600160a01b031690565b6002546001600160a01b031690565b60045481565b60085481565b6003546001600160a01b031633146115685760405162461bcd60e51b81526004018080602001828103825260248152602001806137cb6024913960400191505060405180910390fd5b61157c6001600160a01b038416838361256b565b505050565b60025474010000000000000000000000000000000000000000900460ff16156115f1576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b6115fd878787876120ef565b6000611643600089898080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525092939250506122a49050565b905061165462ffffff1982166122c8565b600061166562ffffff19831661247c565b905073__$287656b8b950fc4c24b77afe782f2d94b1$__635ced058e826040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b1580156116b657600080fd5b505af41580156116ca573d6000803e3d6000fd5b505050506040513d60208110156116e057600080fd5b50516001600160a01b031633146117285760405162461bcd60e51b81526004018080602001828103825260218152602001806137676021913960400191505060405180910390fd5b600061173962ffffff1984166123d8565b90507f000000000000000000000000000000000000000000000000000000000000000063ffffffff168163ffffffff16146117a55760405162461bcd60e51b815260040180806020018281038252602c81526020018061373b602c913960400191505060405180910390fd5b60006117b662ffffff19851661239a565b905060006117c962ffffff19861661250c565b905060006117dc62ffffff1987166123ec565b90506117ed83838988858e8e611e83565b50505050505050505050505050565b6007546001600160a01b0316331461185b576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b806118ad576040805162461bcd60e51b815260206004820152601b60248201527f496e76616c6964207369676e6174757265207468726573686f6c640000000000604482015290519081900360640190fd5b6118b760056120e4565b81111561190b576040805162461bcd60e51b815260206004820181905260248201527f4e6577207369676e6174757265207468726573686f6c6420746f6f2068696768604482015290519081900360640190fd5b600454811415611962576040805162461bcd60e51b815260206004820152601f60248201527f5369676e6174757265207468726573686f6c6420616c72656164792073657400604482015290519081900360640190fd5b6004805490829055604080518281526020810184905281517f149153f58b4da003a8cfd4523709a202402182cb5aa335046911277a1be6eede929181900390910190a15050565b60006113b46005836125eb565b6119be612059565b6001600160a01b038116611a19576040805162461bcd60e51b815260206004820181905260248201527f496e76616c6964206174746573746572206d616e616765722061646472657373604482015290519081900360640190fd5b6007546001600160a01b0316611a2e826125f7565b816001600160a01b0316816001600160a01b03167f0cee1b7ae04f3c788dd3a46c6fa677eb95b913611ef7ab59524fdc09d346021960405160405180910390a35050565b6001546001600160a01b031690565b611a89612059565b600180547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b038316908117909155611ac76114a3565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b60025460009074010000000000000000000000000000000000000000900460ff1615611b72576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b83611bae5760405162461bcd60e51b815260040180806020018281038252602281526020018061367e6022913960400191505060405180910390fd5b6000611bb8611e41565b9050600073__$287656b8b950fc4c24b77afe782f2d94b1$__6382c947b7336040518263ffffffff1660e01b815260040180826001600160a01b0316815260200191505060206040518083038186803b158015611c1457600080fd5b505af4158015611c28573d6000803e3d6000fd5b505050506040513d6020811015611c3e57600080fd5b50519050611c5188888884868a8a611e83565b509695505050505050565b6007546001600160a01b03163314611cbb576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6001600160a01b038116611d16576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b611d21600582611e23565b611d72576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b6040516001600160a01b038216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b600a6020526000908152604090205481565b600080546001600160a01b038381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6000611e38836001600160a01b038416612631565b90505b92915050565b600980547fffffffffffffffffffffffffffffffffffffffffffffffff00000000000000008116600167ffffffffffffffff9283169081019092161790915590565b600854811115611eda576040805162461bcd60e51b815260206004820152601d60248201527f4d65737361676520626f64792065786365656473206d61782073697a65000000604482015290519081900360640190fd5b85611f2c576040805162461bcd60e51b815260206004820152601960248201527f526563697069656e74206d757374206265206e6f6e7a65726f00000000000000604482015290519081900360640190fd5b6000611fb47f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000008a87898c8c8a8a8080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525061267b92505050565b90507f8c5261668696ce22758910d05bab8f186d6eb247ceac2af2e82c7dc17669b036816040518080602001828103825283818151815260200191508051906020019080838360005b83811015612015578181015183820152602001611ffd565b50505050905090810190601f1680156120425780820380516001836020036101000a031916815260200191505b509250505060405180910390a15050505050505050565b612061612521565b6001600160a01b03166120726114a3565b6001600160a01b0316146120cd576040805162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b6000611e38836001600160a01b038416612770565b60006113b482612854565b6004546041028114612148576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c6964206174746573746174696f6e206c656e677468000000000000604482015290519081900360640190fd5b60008085856040518083838082843760405192018290039091209450600093505050505b60045481101561229b57600061218b604183810290810190878961360b565b8080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201829052509394506121ce9250869150849050612858565b9050846001600160a01b0316816001600160a01b031611612236576040805162461bcd60e51b815260206004820152601f60248201527f496e76616c6964207369676e6174757265206f72646572206f72206475706500604482015290519081900360640190fd5b61223f816113a7565b612290576040805162461bcd60e51b815260206004820152601f60248201527f496e76616c6964207369676e61747572653a206e6f7420617474657374657200604482015290519081900360640190fd5b93505060010161216c565b50505050505050565b8151600090602084016122bf64ffffffffff85168284612864565b95945050505050565b6122d762ffffff1982166128a9565b612328576040805162461bcd60e51b815260206004820152601160248201527f4d616c666f726d6564206d657373616765000000000000000000000000000000604482015290519081900360640190fd5b607461233962ffffff1983166128e6565b6bffffffffffffffffffffffff1610156113a4576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c6964206d6573736167653a20746f6f2073686f7274000000000000604482015290519081900360640190fd5b60006113b462ffffff198316600860046128fa565b60006113b462ffffff1983166054602061291b565b60006113b462ffffff1983168260046128fa565b60006113b462ffffff1983166004806128fa565b60006113b462ffffff198316600c60086128fa565b6040805160e09390931b7fffffffff000000000000000000000000000000000000000000000000000000001660208085019190915260c09290921b7fffffffffffffffff0000000000000000000000000000000000000000000000001660248401528051808403600c018152602c9093019052815191012090565b60006113b462ffffff1983166014602061291b565b60006113b46074806124a862ffffff1986166128e6565b62ffffff19861692916bffffffffffffffffffffffff9103166000612a92565b60606000806124d6846128e6565b6bffffffffffffffffffffffff16905060405191508192506124fb8483602001612b06565b508181016020016040529052919050565b60006113b462ffffff1983166034602061291b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556113a481611dbb565b6000611e38836001600160a01b038416612bfe565b604080516001600160a01b038416602482015260448082018490528251808303909101815260649091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fa9059cbb0000000000000000000000000000000000000000000000000000000017905261157c908490612c16565b6000611e388383612cc7565b600780547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0392909216919091179055565b600061263d8383612bfe565b61267357508154600181810184556000848152602080822090930184905584548482528286019093526040902091909155611e3b565b506000611e3b565b60608888888888888888604051602001808963ffffffff1660e01b81526004018863ffffffff1660e01b81526004018763ffffffff1660e01b81526004018667ffffffffffffffff1660c01b815260080185815260200184815260200183815260200182805190602001908083835b6020831061272757805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe090920191602091820191016126ea565b6001836020036101000a03801982511681845116808217855250505050505090500198505050505050505050604051602081830303815290604052905098975050505050505050565b6000818152600183016020526040812054801561284a5783547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80830191908101906000908790839081106127c157fe5b90600052602060002001549050808760000184815481106127de57fe5b60009182526020808320909101929092558281526001898101909252604090209084019055865487908061280e57fe5b60019003818190600052602060002001600090559055866001016000878152602001908152602001600020600090556001945050505050611e3b565b6000915050611e3b565b5490565b6000611e388383612d2b565b6000806128718484612da1565b9050604051811115612881575060005b806128935762ffffff199150506128a2565b61289e858585612dfb565b9150505b9392505050565b60006128b482612e0e565b64ffffffffff1664ffffffffff14156128cf575060006113b7565b60006128da83612e14565b60405110199392505050565b60181c6bffffffffffffffffffffffff1690565b60008160200360080260ff1661291185858561291b565b901c949350505050565b600060ff821661292d575060006128a2565b612936846128e6565b6bffffffffffffffffffffffff166129518460ff8516612da1565b1115612a165761299261296385612e3e565b6bffffffffffffffffffffffff1661297a866128e6565b6bffffffffffffffffffffffff16858560ff16612e52565b60405162461bcd60e51b81526004018080602001828103825283818151815260200191508051906020019080838360005b838110156129db5781810151838201526020016129c3565b50505050905090810190601f168015612a085780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b60208260ff161115612a595760405162461bcd60e51b815260040180806020018281038252603a8152602001806137ef603a913960400191505060405180910390fd5b600882026000612a6886612e3e565b6bffffffffffffffffffffffff1690506000612a8383612fad565b91909501511695945050505050565b600080612a9e86612e3e565b6bffffffffffffffffffffffff169050612ab786612e14565b612acb85612ac58489612da1565b90612da1565b1115612ade5762ffffff1991505061088d565b612ae88186612da1565b9050612afc8364ffffffffff168286612864565b9695505050505050565b6000612b1183612ff6565b612b4c5760405162461bcd60e51b81526004018080602001828103825260288152602001806138756028913960400191505060405180910390fd5b612b55836128a9565b612b905760405162461bcd60e51b815260040180806020018281038252602b81526020018061389d602b913960400191505060405180910390fd5b6000612b9b846128e6565b6bffffffffffffffffffffffff1690506000612bb685612e3e565b6bffffffffffffffffffffffff1690506000604051905084811115612bdb5760206060fd5b8285848460045afa50612afc612bf087612e0e565b64ffffffffff168685612dfb565b60009081526001919091016020526040902054151590565b6000612c6b826040518060400160405280602081526020017f5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564815250856001600160a01b03166130089092919063ffffffff16565b80519091501561157c57808060200190516020811015612c8a57600080fd5b505161157c5760405162461bcd60e51b815260040180806020018281038252602a81526020018061384b602a913960400191505060405180910390fd5b81546000908210612d095760405162461bcd60e51b81526004018080602001828103825260228152602001806136346022913960400191505060405180910390fd5b826000018281548110612d1857fe5b9060005260206000200154905092915050565b60008151604114612d83576040805162461bcd60e51b815260206004820152601f60248201527f45434453413a20696e76616c6964207369676e6174757265206c656e67746800604482015290519081900360640190fd5b60208201516040830151606084015160001a612afc86828585613017565b600082820183811015611e38576040805162461bcd60e51b815260206004820152601b60248201527f536166654d6174683a206164646974696f6e206f766572666c6f770000000000604482015290519081900360640190fd5b606092831b9190911790911b1760181b90565b60d81c90565b6000612e1f826128e6565b612e2883612e3e565b016bffffffffffffffffffffffff169050919050565b60781c6bffffffffffffffffffffffff1690565b60606000612e5f866131aa565b9150506000612e6d866131aa565b9150506000612e7b866131aa565b9150506000612e89866131aa565b9150508383838360405160200180806138c8603591397fffffffffffff000000000000000000000000000000000000000000000000000060d087811b821660358401527f2077697468206c656e6774682030780000000000000000000000000000000000603b84015286901b16604a820152605001602161378882397fffffffffffff000000000000000000000000000000000000000000000000000060d094851b811660218301527f2077697468206c656e677468203078000000000000000000000000000000000060278301529290931b9091166036830152507f2e00000000000000000000000000000000000000000000000000000000000000603c82015260408051601d818403018152603d90920190529b9a5050505050505050505050565b7f80000000000000000000000000000000000000000000000000000000000000007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff9091011d90565b60006130018261327e565b1592915050565b606061088d848460008561328a565b60007f7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a08211156130785760405162461bcd60e51b81526004018080602001828103825260228152602001806136f36022913960400191505060405180910390fd5b8360ff16601b148061308d57508360ff16601c145b6130c85760405162461bcd60e51b81526004018080602001828103825260228152602001806137a96022913960400191505060405180910390fd5b600060018686868660405160008152602001604052604051808581526020018460ff1681526020018381526020018281526020019450505050506020604051602081039080840390855afa158015613124573d6000803e3d6000fd5b50506040517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe001519150506001600160a01b0381166122bf576040805162461bcd60e51b815260206004820152601860248201527f45434453413a20696e76616c6964207369676e61747572650000000000000000604482015290519081900360640190fd5b600080601f5b600f8160ff1611156132125760ff600882021684901c6131cf81613403565b61ffff16841793508160ff166010146131ea57601084901b93505b507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff016131b0565b50600f5b60ff8160ff1610156132785760ff600882021684901c61323581613403565b61ffff16831792508160ff1660001461325057601083901b92505b507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff01613216565b50915091565b62ffffff199081161490565b6060824710156132cb5760405162461bcd60e51b81526004018080602001828103825260268152602001806137156026913960400191505060405180910390fd5b6132d485613433565b613325576040805162461bcd60e51b815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000604482015290519081900360640190fd5b600080866001600160a01b031685876040518082805190602001908083835b6020831061338157805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101613344565b6001836020036101000a03801982511681845116808217855250505050505090500191505060006040518083038185875af1925050503d80600081146133e3576040519150601f19603f3d011682016040523d82523d6000602084013e6133e8565b606091505b50915091506133f8828286613439565b979650505050505050565b600061341560048360ff16901c61349f565b60ff161760081b62ffff001661342a8261349f565b60ff1617919050565b3b151590565b606083156134485750816128a2565b8251156134585782518084602001fd5b60405162461bcd60e51b81526020600482018181528451602484015284518593919283926044019190850190808383600083156129db5781810151838201526020016129c3565b600060f08083179060ff821614156134bb5760309150506113b7565b8060ff1660f114156134d15760319150506113b7565b8060ff1660f214156134e75760329150506113b7565b8060ff1660f314156134fd5760339150506113b7565b8060ff1660f414156135135760349150506113b7565b8060ff1660f514156135295760359150506113b7565b8060ff1660f6141561353f5760369150506113b7565b8060ff1660f714156135555760379150506113b7565b8060ff1660f8141561356b5760389150506113b7565b8060ff1660f914156135815760399150506113b7565b8060ff1660fa14156135975760619150506113b7565b8060ff1660fb14156135ad5760629150506113b7565b8060ff1660fc14156135c35760639150506113b7565b8060ff1660fd14156135d95760649150506113b7565b8060ff1660fe14156135ef5760659150506113b7565b8060ff1660ff14156136055760669150506113b7565b50919050565b6000808585111561361a578182fd5b83861115613626578182fd5b505082019391909203915056fe456e756d657261626c655365743a20696e646578206f7574206f6620626f756e64735061757361626c653a206e65772070617573657220697320746865207a65726f206164647265737344657374696e6174696f6e2063616c6c6572206d757374206265206e6f6e7a65726f4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572526573637561626c653a206e6577207265736375657220697320746865207a65726f206164647265737345434453413a20696e76616c6964207369676e6174757265202773272076616c7565416464726573733a20696e73756666696369656e742062616c616e636520666f722063616c6c4d657373616765206e6f74206f726967696e616c6c792073656e742066726f6d207468697320646f6d61696e53656e646572206e6f74207065726d697474656420746f20757365206e6f6e63652e20417474656d7074656420746f20696e646578206174206f666673657420307845434453413a20696e76616c6964207369676e6174757265202776272076616c7565526573637561626c653a2063616c6c6572206973206e6f7420746865207265736375657254797065644d656d566965772f696e646578202d20417474656d7074656420746f20696e646578206d6f7265207468616e2033322062797465735061757361626c653a2063616c6c6572206973206e6f7420746865207061757365725361666545524332303a204552433230206f7065726174696f6e20646964206e6f74207375636365656454797065644d656d566965772f636f7079546f202d204e756c6c20706f696e74657220646572656654797065644d656d566965772f636f7079546f202d20496e76616c696420706f696e74657220646572656654797065644d656d566965772f696e646578202d204f76657272616e2074686520766965772e20536c696365206973206174203078a264697066735822122080a00769da33d6f2913e3780432f8f71ea1b1e56d8fe2a3b7b18047055d2b51764736f6c63430007060033","runtime-code":"0x608060405234801561001057600080fd5b50600436106101e55760003560e01c80638da5cb5b1161010f578063bbde5374116100a2578063f2fde38b11610071578063f2fde38b1461067f578063f7259a75146106a5578063fae368791461072e578063feb6172414610754576101e5565b8063bbde537414610617578063beb673d814610634578063de7769d414610651578063e30c397814610677576101e5565b8063a82f2e26116100de578063a82f2e26146104bd578063af47b9bb146104c5578063b2118a8d146104cd578063b857b77414610503576101e5565b80638da5cb5b1461048857806392492c68146104905780639b0d94b7146104ad5780639fd0506d146104b5576101e5565b8063554bab3c116101875780637af82f60116101565780637af82f601461044a5780638371744e146104705780638456cb59146104785780638d3638f414610480576101e5565b8063554bab3c1461033e57806357ecfd28146103645780635c975abb1461043a57806379ba509714610442576101e5565b806338a63183116101c357806338a63183146102d75780633f4ba83a146102fb57806351079a531461030357806354fd4d501461031d576101e5565b80630ba469bc146101ea5780632ab60045146102895780632d025080146102b1575b600080fd5b61026c6004803603606081101561020057600080fd5b63ffffffff8235169160208101359181019060608101604082013564010000000081111561022d57600080fd5b82018360208201111561023f57600080fd5b8035906020019184600183028401116401000000008311171561026157600080fd5b509092509050610771565b6040805167ffffffffffffffff9092168252519081900360200190f35b6102af6004803603602081101561029f57600080fd5b50356001600160a01b0316610895565b005b6102af600480360360208110156102c757600080fd5b50356001600160a01b0316610944565b6102df610aee565b604080516001600160a01b039092168252519081900360200190f35b6102af610afd565b61030b610b99565b60408051918252519081900360200190f35b610325610baa565b6040805163ffffffff9092168252519081900360200190f35b6102af6004803603602081101561035457600080fd5b50356001600160a01b0316610bce565b6104266004803603604081101561037a57600080fd5b81019060208101813564010000000081111561039557600080fd5b8201836020820111156103a757600080fd5b803590602001918460018302840111640100000000831117156103c957600080fd5b9193909290916020810190356401000000008111156103e757600080fd5b8201836020820111156103f957600080fd5b8035906020019184600183028401116401000000008311171561041b57600080fd5b509092509050610c83565b604080519115158252519081900360200190f35b610426611317565b6102af611338565b6104266004803603602081101561046057600080fd5b50356001600160a01b03166113a7565b61026c6113bc565b6102af6113cc565b61032561147f565b6102df6114a3565b6102af600480360360208110156104a657600080fd5b50356114b2565b6102df6114f5565b6102df611504565b61030b611513565b61030b611519565b6102af600480360360608110156104e357600080fd5b506001600160a01b0381358116916020810135909116906040013561151f565b6102af6004803603608081101561051957600080fd5b81019060208101813564010000000081111561053457600080fd5b82018360208201111561054657600080fd5b8035906020019184600183028401116401000000008311171561056857600080fd5b91939092909160208101903564010000000081111561058657600080fd5b82018360208201111561059857600080fd5b803590602001918460018302840111640100000000831117156105ba57600080fd5b9193909290916020810190356401000000008111156105d857600080fd5b8201836020820111156105ea57600080fd5b8035906020019184600183028401116401000000008311171561060c57600080fd5b919350915035611581565b6102af6004803603602081101561062d57600080fd5b50356117fc565b6102df6004803603602081101561064a57600080fd5b50356119a9565b6102af6004803603602081101561066757600080fd5b50356001600160a01b03166119b6565b6102df611a72565b6102af6004803603602081101561069557600080fd5b50356001600160a01b0316611a81565b61026c600480360360808110156106bb57600080fd5b63ffffffff82351691602081013591604082013591908101906080810160608201356401000000008111156106ef57600080fd5b82018360208201111561070157600080fd5b8035906020019184600183028401116401000000008311171561072357600080fd5b509092509050611aff565b6102af6004803603602081101561074457600080fd5b50356001600160a01b0316611c5c565b61030b6004803603602081101561076a57600080fd5b5035611da9565b60025460009074010000000000000000000000000000000000000000900460ff16156107e4576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b6000806107ef611e41565b9050600073__$287656b8b950fc4c24b77afe782f2d94b1$__6382c947b7336040518263ffffffff1660e01b815260040180826001600160a01b0316815260200191505060206040518083038186803b15801561084b57600080fd5b505af415801561085f573d6000803e3d6000fd5b505050506040513d602081101561087557600080fd5b5051905061088888888584868b8b611e83565b509150505b949350505050565b61089d612059565b6001600160a01b0381166108e25760405162461bcd60e51b815260040180806020018281038252602a8152602001806136c9602a913960400191505060405180910390fd5b600380547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0383169081179091556040517fe475e580d85111348e40d8ca33cfdd74c30fe1655c2d8537a13abc10065ffa5a90600090a250565b6007546001600160a01b031633146109a3576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b60006109ad610b99565b905060018111610a04576040805162461bcd60e51b815260206004820152601960248201527f546f6f2066657720656e61626c65642061747465737465727300000000000000604482015290519081900360640190fd5b6004548111610a5a576040805162461bcd60e51b815260206004820152601e60248201527f5369676e6174757265207468726573686f6c6420697320746f6f206c6f770000604482015290519081900360640190fd5b610a656005836120cf565b610ab6576040805162461bcd60e51b815260206004820152601960248201527f417474657374657220616c72656164792064697361626c656400000000000000604482015290519081900360640190fd5b6040516001600160a01b038316907f78e573a18c75957b7cadaab01511aa1c19a659f06ecf53e01de37ed92d3261fc90600090a25050565b6003546001600160a01b031690565b6002546001600160a01b03163314610b465760405162461bcd60e51b81526004018080602001828103825260228152602001806138296022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff1690556040517f7805862f689e2f13df9f062ff482ad3ad112aca9e0847911ed832e158c525b3390600090a1565b6000610ba560056120e4565b905090565b7f000000000000000000000000000000000000000000000000000000000000000081565b610bd6612059565b6001600160a01b038116610c1b5760405162461bcd60e51b81526004018080602001828103825260288152602001806136566028913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0383811691909117918290556040519116907fb80482a293ca2e013eda8683c9bd7fc8347cfdaeea5ede58cba46df502c2a60490600090a250565b60025460009074010000000000000000000000000000000000000000900460ff1615610cf6576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b610d02858585856120ef565b6000610d48600087878080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525092939250506122a49050565b9050610d5962ffffff1982166122c8565b63ffffffff7f000000000000000000000000000000000000000000000000000000000000000016610d8f62ffffff19831661239a565b63ffffffff1614610de7576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c69642064657374696e6174696f6e20646f6d61696e000000000000604482015290519081900360640190fd5b6000610df862ffffff1983166123af565b14610ef457604080517f82c947b7000000000000000000000000000000000000000000000000000000008152336004820152905173__$287656b8b950fc4c24b77afe782f2d94b1$__916382c947b7916024808301926020929190829003018186803b158015610e6757600080fd5b505af4158015610e7b573d6000803e3d6000fd5b505050506040513d6020811015610e9157600080fd5b5051610ea262ffffff1983166123af565b14610ef4576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c69642063616c6c657220666f72206d657373616765000000000000604482015290519081900360640190fd5b63ffffffff7f000000000000000000000000000000000000000000000000000000000000000016610f2a62ffffff1983166123c4565b63ffffffff1614610f82576040805162461bcd60e51b815260206004820152601760248201527f496e76616c6964206d6573736167652076657273696f6e000000000000000000604482015290519081900360640190fd5b6000610f9362ffffff1983166123d8565b90506000610fa662ffffff1984166123ec565b90506000610fb48383612401565b6000818152600a602052604090205490915015611018576040805162461bcd60e51b815260206004820152601260248201527f4e6f6e636520616c726561647920757365640000000000000000000000000000604482015290519081900360640190fd5b6000818152600a602052604081206001905561103962ffffff19861661247c565b9050600061105a61104f62ffffff198816612491565b62ffffff19166124c8565b905073__$287656b8b950fc4c24b77afe782f2d94b1$__635ced058e61108562ffffff19891661250c565b6040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b1580156110b957600080fd5b505af41580156110cd573d6000803e3d6000fd5b505050506040513d60208110156110e357600080fd5b50516040517f96abeb7000000000000000000000000000000000000000000000000000000000815263ffffffff871660048201908152602482018590526060604483019081528451606484015284516001600160a01b03909416936396abeb70938a938893889391929091608490910190602085019080838360005b8381101561117757818101518382015260200161115f565b50505050905090810190601f1680156111a45780820380516001836020036101000a031916815260200191505b50945050505050602060405180830381600087803b1580156111c557600080fd5b505af11580156111d9573d6000803e3d6000fd5b505050506040513d60208110156111ef57600080fd5b5051611242576040805162461bcd60e51b815260206004820152601d60248201527f68616e646c65526563656976654d6573736167652829206661696c6564000000604482015290519081900360640190fd5b8367ffffffffffffffff16336001600160a01b03167f58200b4c34ae05ee816d710053fff3fb75af4395915d3d2a771b24aa10e3cc5d878585604051808463ffffffff16815260200183815260200180602001828103825283818151815260200191508051906020019080838360005b838110156112ca5781810151838201526020016112b2565b50505050905090810190601f1680156112f75780820380516001836020036101000a031916815260200191505b5094505050505060405180910390a35060019a9950505050505050505050565b60025474010000000000000000000000000000000000000000900460ff1681565b6000611342612521565b9050806001600160a01b0316611356611a72565b6001600160a01b03161461139b5760405162461bcd60e51b81526004018080602001828103825260298152602001806136a06029913960400191505060405180910390fd5b6113a481612525565b50565b60006113b4600583612556565b90505b919050565b60095467ffffffffffffffff1681565b6002546001600160a01b031633146114155760405162461bcd60e51b81526004018080602001828103825260228152602001806138296022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff16740100000000000000000000000000000000000000001790556040517f6985a02210a168e66602d3235cb6db0e70f92b3ba4d376a33c0f3d9434bff62590600090a1565b7f000000000000000000000000000000000000000000000000000000000000000081565b6000546001600160a01b031690565b6114ba612059565b60088190556040805182815290517fb13bf6bebed03d1b318e3ea32e4b2a3ad9f5e2312cdf340a2f4bbfaee39f928d9181900360200190a150565b6007546001600160a01b031690565b6002546001600160a01b031690565b60045481565b60085481565b6003546001600160a01b031633146115685760405162461bcd60e51b81526004018080602001828103825260248152602001806137cb6024913960400191505060405180910390fd5b61157c6001600160a01b038416838361256b565b505050565b60025474010000000000000000000000000000000000000000900460ff16156115f1576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b6115fd878787876120ef565b6000611643600089898080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525092939250506122a49050565b905061165462ffffff1982166122c8565b600061166562ffffff19831661247c565b905073__$287656b8b950fc4c24b77afe782f2d94b1$__635ced058e826040518263ffffffff1660e01b81526004018082815260200191505060206040518083038186803b1580156116b657600080fd5b505af41580156116ca573d6000803e3d6000fd5b505050506040513d60208110156116e057600080fd5b50516001600160a01b031633146117285760405162461bcd60e51b81526004018080602001828103825260218152602001806137676021913960400191505060405180910390fd5b600061173962ffffff1984166123d8565b90507f000000000000000000000000000000000000000000000000000000000000000063ffffffff168163ffffffff16146117a55760405162461bcd60e51b815260040180806020018281038252602c81526020018061373b602c913960400191505060405180910390fd5b60006117b662ffffff19851661239a565b905060006117c962ffffff19861661250c565b905060006117dc62ffffff1987166123ec565b90506117ed83838988858e8e611e83565b50505050505050505050505050565b6007546001600160a01b0316331461185b576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b806118ad576040805162461bcd60e51b815260206004820152601b60248201527f496e76616c6964207369676e6174757265207468726573686f6c640000000000604482015290519081900360640190fd5b6118b760056120e4565b81111561190b576040805162461bcd60e51b815260206004820181905260248201527f4e6577207369676e6174757265207468726573686f6c6420746f6f2068696768604482015290519081900360640190fd5b600454811415611962576040805162461bcd60e51b815260206004820152601f60248201527f5369676e6174757265207468726573686f6c6420616c72656164792073657400604482015290519081900360640190fd5b6004805490829055604080518281526020810184905281517f149153f58b4da003a8cfd4523709a202402182cb5aa335046911277a1be6eede929181900390910190a15050565b60006113b46005836125eb565b6119be612059565b6001600160a01b038116611a19576040805162461bcd60e51b815260206004820181905260248201527f496e76616c6964206174746573746572206d616e616765722061646472657373604482015290519081900360640190fd5b6007546001600160a01b0316611a2e826125f7565b816001600160a01b0316816001600160a01b03167f0cee1b7ae04f3c788dd3a46c6fa677eb95b913611ef7ab59524fdc09d346021960405160405180910390a35050565b6001546001600160a01b031690565b611a89612059565b600180547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b038316908117909155611ac76114a3565b6001600160a01b03167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b60025460009074010000000000000000000000000000000000000000900460ff1615611b72576040805162461bcd60e51b815260206004820152601060248201527f5061757361626c653a2070617573656400000000000000000000000000000000604482015290519081900360640190fd5b83611bae5760405162461bcd60e51b815260040180806020018281038252602281526020018061367e6022913960400191505060405180910390fd5b6000611bb8611e41565b9050600073__$287656b8b950fc4c24b77afe782f2d94b1$__6382c947b7336040518263ffffffff1660e01b815260040180826001600160a01b0316815260200191505060206040518083038186803b158015611c1457600080fd5b505af4158015611c28573d6000803e3d6000fd5b505050506040513d6020811015611c3e57600080fd5b50519050611c5188888884868a8a611e83565b509695505050505050565b6007546001600160a01b03163314611cbb576040805162461bcd60e51b815260206004820152601b60248201527f43616c6c6572206e6f74206174746573746572206d616e616765720000000000604482015290519081900360640190fd5b6001600160a01b038116611d16576040805162461bcd60e51b815260206004820152601c60248201527f4e6577206174746573746572206d757374206265206e6f6e7a65726f00000000604482015290519081900360640190fd5b611d21600582611e23565b611d72576040805162461bcd60e51b815260206004820152601860248201527f417474657374657220616c726561647920656e61626c65640000000000000000604482015290519081900360640190fd5b6040516001600160a01b038216907f5b99bab45c72ce67e89466dbc47480b9c1fde1400e7268bbf463b8354ee4653f90600090a250565b600a6020526000908152604090205481565b600080546001600160a01b038381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6000611e38836001600160a01b038416612631565b90505b92915050565b600980547fffffffffffffffffffffffffffffffffffffffffffffffff00000000000000008116600167ffffffffffffffff9283169081019092161790915590565b600854811115611eda576040805162461bcd60e51b815260206004820152601d60248201527f4d65737361676520626f64792065786365656473206d61782073697a65000000604482015290519081900360640190fd5b85611f2c576040805162461bcd60e51b815260206004820152601960248201527f526563697069656e74206d757374206265206e6f6e7a65726f00000000000000604482015290519081900360640190fd5b6000611fb47f00000000000000000000000000000000000000000000000000000000000000007f00000000000000000000000000000000000000000000000000000000000000008a87898c8c8a8a8080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201919091525061267b92505050565b90507f8c5261668696ce22758910d05bab8f186d6eb247ceac2af2e82c7dc17669b036816040518080602001828103825283818151815260200191508051906020019080838360005b83811015612015578181015183820152602001611ffd565b50505050905090810190601f1680156120425780820380516001836020036101000a031916815260200191505b509250505060405180910390a15050505050505050565b612061612521565b6001600160a01b03166120726114a3565b6001600160a01b0316146120cd576040805162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b6000611e38836001600160a01b038416612770565b60006113b482612854565b6004546041028114612148576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c6964206174746573746174696f6e206c656e677468000000000000604482015290519081900360640190fd5b60008085856040518083838082843760405192018290039091209450600093505050505b60045481101561229b57600061218b604183810290810190878961360b565b8080601f01602080910402602001604051908101604052809392919081815260200183838082843760009201829052509394506121ce9250869150849050612858565b9050846001600160a01b0316816001600160a01b031611612236576040805162461bcd60e51b815260206004820152601f60248201527f496e76616c6964207369676e6174757265206f72646572206f72206475706500604482015290519081900360640190fd5b61223f816113a7565b612290576040805162461bcd60e51b815260206004820152601f60248201527f496e76616c6964207369676e61747572653a206e6f7420617474657374657200604482015290519081900360640190fd5b93505060010161216c565b50505050505050565b8151600090602084016122bf64ffffffffff85168284612864565b95945050505050565b6122d762ffffff1982166128a9565b612328576040805162461bcd60e51b815260206004820152601160248201527f4d616c666f726d6564206d657373616765000000000000000000000000000000604482015290519081900360640190fd5b607461233962ffffff1983166128e6565b6bffffffffffffffffffffffff1610156113a4576040805162461bcd60e51b815260206004820152601a60248201527f496e76616c6964206d6573736167653a20746f6f2073686f7274000000000000604482015290519081900360640190fd5b60006113b462ffffff198316600860046128fa565b60006113b462ffffff1983166054602061291b565b60006113b462ffffff1983168260046128fa565b60006113b462ffffff1983166004806128fa565b60006113b462ffffff198316600c60086128fa565b6040805160e09390931b7fffffffff000000000000000000000000000000000000000000000000000000001660208085019190915260c09290921b7fffffffffffffffff0000000000000000000000000000000000000000000000001660248401528051808403600c018152602c9093019052815191012090565b60006113b462ffffff1983166014602061291b565b60006113b46074806124a862ffffff1986166128e6565b62ffffff19861692916bffffffffffffffffffffffff9103166000612a92565b60606000806124d6846128e6565b6bffffffffffffffffffffffff16905060405191508192506124fb8483602001612b06565b508181016020016040529052919050565b60006113b462ffffff1983166034602061291b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556113a481611dbb565b6000611e38836001600160a01b038416612bfe565b604080516001600160a01b038416602482015260448082018490528251808303909101815260649091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fa9059cbb0000000000000000000000000000000000000000000000000000000017905261157c908490612c16565b6000611e388383612cc7565b600780547fffffffffffffffffffffffff0000000000000000000000000000000000000000166001600160a01b0392909216919091179055565b600061263d8383612bfe565b61267357508154600181810184556000848152602080822090930184905584548482528286019093526040902091909155611e3b565b506000611e3b565b60608888888888888888604051602001808963ffffffff1660e01b81526004018863ffffffff1660e01b81526004018763ffffffff1660e01b81526004018667ffffffffffffffff1660c01b815260080185815260200184815260200183815260200182805190602001908083835b6020831061272757805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe090920191602091820191016126ea565b6001836020036101000a03801982511681845116808217855250505050505090500198505050505050505050604051602081830303815290604052905098975050505050505050565b6000818152600183016020526040812054801561284a5783547fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff80830191908101906000908790839081106127c157fe5b90600052602060002001549050808760000184815481106127de57fe5b60009182526020808320909101929092558281526001898101909252604090209084019055865487908061280e57fe5b60019003818190600052602060002001600090559055866001016000878152602001908152602001600020600090556001945050505050611e3b565b6000915050611e3b565b5490565b6000611e388383612d2b565b6000806128718484612da1565b9050604051811115612881575060005b806128935762ffffff199150506128a2565b61289e858585612dfb565b9150505b9392505050565b60006128b482612e0e565b64ffffffffff1664ffffffffff14156128cf575060006113b7565b60006128da83612e14565b60405110199392505050565b60181c6bffffffffffffffffffffffff1690565b60008160200360080260ff1661291185858561291b565b901c949350505050565b600060ff821661292d575060006128a2565b612936846128e6565b6bffffffffffffffffffffffff166129518460ff8516612da1565b1115612a165761299261296385612e3e565b6bffffffffffffffffffffffff1661297a866128e6565b6bffffffffffffffffffffffff16858560ff16612e52565b60405162461bcd60e51b81526004018080602001828103825283818151815260200191508051906020019080838360005b838110156129db5781810151838201526020016129c3565b50505050905090810190601f168015612a085780820380516001836020036101000a031916815260200191505b509250505060405180910390fd5b60208260ff161115612a595760405162461bcd60e51b815260040180806020018281038252603a8152602001806137ef603a913960400191505060405180910390fd5b600882026000612a6886612e3e565b6bffffffffffffffffffffffff1690506000612a8383612fad565b91909501511695945050505050565b600080612a9e86612e3e565b6bffffffffffffffffffffffff169050612ab786612e14565b612acb85612ac58489612da1565b90612da1565b1115612ade5762ffffff1991505061088d565b612ae88186612da1565b9050612afc8364ffffffffff168286612864565b9695505050505050565b6000612b1183612ff6565b612b4c5760405162461bcd60e51b81526004018080602001828103825260288152602001806138756028913960400191505060405180910390fd5b612b55836128a9565b612b905760405162461bcd60e51b815260040180806020018281038252602b81526020018061389d602b913960400191505060405180910390fd5b6000612b9b846128e6565b6bffffffffffffffffffffffff1690506000612bb685612e3e565b6bffffffffffffffffffffffff1690506000604051905084811115612bdb5760206060fd5b8285848460045afa50612afc612bf087612e0e565b64ffffffffff168685612dfb565b60009081526001919091016020526040902054151590565b6000612c6b826040518060400160405280602081526020017f5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c6564815250856001600160a01b03166130089092919063ffffffff16565b80519091501561157c57808060200190516020811015612c8a57600080fd5b505161157c5760405162461bcd60e51b815260040180806020018281038252602a81526020018061384b602a913960400191505060405180910390fd5b81546000908210612d095760405162461bcd60e51b81526004018080602001828103825260228152602001806136346022913960400191505060405180910390fd5b826000018281548110612d1857fe5b9060005260206000200154905092915050565b60008151604114612d83576040805162461bcd60e51b815260206004820152601f60248201527f45434453413a20696e76616c6964207369676e6174757265206c656e67746800604482015290519081900360640190fd5b60208201516040830151606084015160001a612afc86828585613017565b600082820183811015611e38576040805162461bcd60e51b815260206004820152601b60248201527f536166654d6174683a206164646974696f6e206f766572666c6f770000000000604482015290519081900360640190fd5b606092831b9190911790911b1760181b90565b60d81c90565b6000612e1f826128e6565b612e2883612e3e565b016bffffffffffffffffffffffff169050919050565b60781c6bffffffffffffffffffffffff1690565b60606000612e5f866131aa565b9150506000612e6d866131aa565b9150506000612e7b866131aa565b9150506000612e89866131aa565b9150508383838360405160200180806138c8603591397fffffffffffff000000000000000000000000000000000000000000000000000060d087811b821660358401527f2077697468206c656e6774682030780000000000000000000000000000000000603b84015286901b16604a820152605001602161378882397fffffffffffff000000000000000000000000000000000000000000000000000060d094851b811660218301527f2077697468206c656e677468203078000000000000000000000000000000000060278301529290931b9091166036830152507f2e00000000000000000000000000000000000000000000000000000000000000603c82015260408051601d818403018152603d90920190529b9a5050505050505050505050565b7f80000000000000000000000000000000000000000000000000000000000000007fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff9091011d90565b60006130018261327e565b1592915050565b606061088d848460008561328a565b60007f7fffffffffffffffffffffffffffffff5d576e7357a4501ddfe92f46681b20a08211156130785760405162461bcd60e51b81526004018080602001828103825260228152602001806136f36022913960400191505060405180910390fd5b8360ff16601b148061308d57508360ff16601c145b6130c85760405162461bcd60e51b81526004018080602001828103825260228152602001806137a96022913960400191505060405180910390fd5b600060018686868660405160008152602001604052604051808581526020018460ff1681526020018381526020018281526020019450505050506020604051602081039080840390855afa158015613124573d6000803e3d6000fd5b50506040517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe001519150506001600160a01b0381166122bf576040805162461bcd60e51b815260206004820152601860248201527f45434453413a20696e76616c6964207369676e61747572650000000000000000604482015290519081900360640190fd5b600080601f5b600f8160ff1611156132125760ff600882021684901c6131cf81613403565b61ffff16841793508160ff166010146131ea57601084901b93505b507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff016131b0565b50600f5b60ff8160ff1610156132785760ff600882021684901c61323581613403565b61ffff16831792508160ff1660001461325057601083901b92505b507fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff01613216565b50915091565b62ffffff199081161490565b6060824710156132cb5760405162461bcd60e51b81526004018080602001828103825260268152602001806137156026913960400191505060405180910390fd5b6132d485613433565b613325576040805162461bcd60e51b815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000604482015290519081900360640190fd5b600080866001600160a01b031685876040518082805190602001908083835b6020831061338157805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101613344565b6001836020036101000a03801982511681845116808217855250505050505090500191505060006040518083038185875af1925050503d80600081146133e3576040519150601f19603f3d011682016040523d82523d6000602084013e6133e8565b606091505b50915091506133f8828286613439565b979650505050505050565b600061341560048360ff16901c61349f565b60ff161760081b62ffff001661342a8261349f565b60ff1617919050565b3b151590565b606083156134485750816128a2565b8251156134585782518084602001fd5b60405162461bcd60e51b81526020600482018181528451602484015284518593919283926044019190850190808383600083156129db5781810151838201526020016129c3565b600060f08083179060ff821614156134bb5760309150506113b7565b8060ff1660f114156134d15760319150506113b7565b8060ff1660f214156134e75760329150506113b7565b8060ff1660f314156134fd5760339150506113b7565b8060ff1660f414156135135760349150506113b7565b8060ff1660f514156135295760359150506113b7565b8060ff1660f6141561353f5760369150506113b7565b8060ff1660f714156135555760379150506113b7565b8060ff1660f8141561356b5760389150506113b7565b8060ff1660f914156135815760399150506113b7565b8060ff1660fa14156135975760619150506113b7565b8060ff1660fb14156135ad5760629150506113b7565b8060ff1660fc14156135c35760639150506113b7565b8060ff1660fd14156135d95760649150506113b7565b8060ff1660fe14156135ef5760659150506113b7565b8060ff1660ff14156136055760669150506113b7565b50919050565b6000808585111561361a578182fd5b83861115613626578182fd5b505082019391909203915056fe456e756d657261626c655365743a20696e646578206f7574206f6620626f756e64735061757361626c653a206e65772070617573657220697320746865207a65726f206164647265737344657374696e6174696f6e2063616c6c6572206d757374206265206e6f6e7a65726f4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572526573637561626c653a206e6577207265736375657220697320746865207a65726f206164647265737345434453413a20696e76616c6964207369676e6174757265202773272076616c7565416464726573733a20696e73756666696369656e742062616c616e636520666f722063616c6c4d657373616765206e6f74206f726967696e616c6c792073656e742066726f6d207468697320646f6d61696e53656e646572206e6f74207065726d697474656420746f20757365206e6f6e63652e20417474656d7074656420746f20696e646578206174206f666673657420307845434453413a20696e76616c6964207369676e6174757265202776272076616c7565526573637561626c653a2063616c6c6572206973206e6f7420746865207265736375657254797065644d656d566965772f696e646578202d20417474656d7074656420746f20696e646578206d6f7265207468616e2033322062797465735061757361626c653a2063616c6c6572206973206e6f7420746865207061757365725361666545524332303a204552433230206f7065726174696f6e20646964206e6f74207375636365656454797065644d656d566965772f636f7079546f202d204e756c6c20706f696e74657220646572656654797065644d656d566965772f636f7079546f202d20496e76616c696420706f696e74657220646572656654797065644d656d566965772f696e646578202d204f76657272616e2074686520766965772e20536c696365206973206174203078a264697066735822122080a00769da33d6f2913e3780432f8f71ea1b1e56d8fe2a3b7b18047055d2b51764736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"101905:13053:0:-:0;;;53514:26;;;-1:-1:-1;;;;53514:26:0;;;103715:278;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;103715:278:0;;;;;;;;;;;;;;;;;;;;49481:32;49500:12;:10;:12::i;:::-;49481:18;:32::i;:::-;94318:31;94338:10;94318:19;:31::i;:::-;94473:1;94452:18;:22;94484:24;94499:8;94484:14;:24::i;:::-;-1:-1:-1;;;;;;;103882:26:0::1;::::0;;;;;::::1;::::0;::::1;103918:40:::0;;;::::1;:18;:40:::0;103968:18;;;;;;::::1;::::0;-1:-1:-1;101905:13053:0;;47973:104;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;-1:-1:-1;;;;;;52564:20:0;;;52594:34;52619:8;52594:24;;;;;;;:34;;:::i;:::-;52482:153;:::o;99082:122::-;99159:16;:38;;-1:-1:-1;;;;;;99159:38:0;-1:-1:-1;;;;;99159:38:0;;;;;;;;;;99082:122::o;94777:278::-;93997:16;;-1:-1:-1;;;;;93997:16:0;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;;;;;94867:25:0;::::1;94859:66;;;::::0;;-1:-1:-1;;;94859:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;94943:33;94964:11;94943:16;:20;;;;;;:33;;;;:::i;:::-;94935:70;;;::::0;;-1:-1:-1;;;94935:70:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;95020:28;::::0;-1:-1:-1;;;;;95020:28:0;::::1;::::0;::::1;::::0;;;::::1;94777:278:::0;:::o;50569:187::-;50642:16;50661:6;;-1:-1:-1;;;;;50677:17:0;;;-1:-1:-1;;;;;;50677:17:0;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;85176:150::-;85246:4;85269:50;85274:3;-1:-1:-1;;;;;85294:23:0;;85269:4;:50::i;:::-;85262:57;;85176:150;;;;;:::o;80387:404::-;80450:4;80471:21;80481:3;80486:5;80471:9;:21::i;:::-;80466:319;;-1:-1:-1;80508:23:0;;;;;;;;:11;:23;;;;;;;;;;;;;80688:18;;80666:19;;;:12;;;:19;;;;;;:40;;;;80720:11;;80466:319;-1:-1:-1;80769:5:0;80762:12;;82552:127;82625:4;82648:19;;;:12;;;;;:19;;;;;;:24;;;82552:127::o;101905:13053::-;;;;;;;;;;;;;;;;;","srcMapRuntime":"101905:13053:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;104485:579;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;104485:579:0;;-1:-1:-1;104485:579:0;-1:-1:-1;104485:579:0;:::i;:::-;;;;;;;;;;;;;;;;;;;77925:264;;;;;;;;;;;;;;;;-1:-1:-1;77925:264:0;-1:-1:-1;;;;;77925:264:0;;:::i;:::-;;96619:667;;;;;;;;;;;;;;;;-1:-1:-1;96619:667:0;-1:-1:-1;;;;;96619:667:0;;:::i;77095:83::-;;;:::i;:::-;;;;-1:-1:-1;;;;;77095:83:0;;;;;;;;;;;;;;54384:94;;;:::i;95521:113::-;;;:::i;:::-;;;;;;;;;;;;;;;;103279:31;;;:::i;:::-;;;;;;;;;;;;;;;;;;;54535:256;;;;;;;;;;;;;;;;-1:-1:-1;54535:256:0;-1:-1:-1;;;;;54535:256:0;;:::i;110223:1877::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;110223:1877:0;;-1:-1:-1;110223:1877:0;-1:-1:-1;110223:1877:0;:::i;:::-;;;;;;;;;;;;;;;;;;53514:26;;;:::i;52715:240::-;;;:::i;95270:131::-;;;;;;;;;;;;;;;;-1:-1:-1;95270:131:0;-1:-1:-1;;;;;95270:131:0;;:::i;103491:32::-;;;:::i;54205:89::-;;;:::i;103207:35::-;;;:::i;49746:85::-;;;:::i;112366:220::-;;;;;;;;;;;;;;;;-1:-1:-1;112366:220:0;;:::i;98502:99::-;;;:::i;54037:81::-;;;:::i;93395:33::-;;;:::i;103399:::-;;;:::i;77620:177::-;;;;;;;;;;;;;;;;-1:-1:-1;;;;;;77620:177:0;;;;;;;;;;;;;;;;;:::i;105886:1314::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;105886:1314:0;-1:-1:-1;105886:1314:0;;:::i;97598:779::-;;;;;;;;;;;;;;;;-1:-1:-1;97598:779:0;;:::i;98773:125::-;;;;;;;;;;;;;;;;-1:-1:-1;98773:125:0;;:::i;95841:409::-;;;;;;;;;;;;;;;;-1:-1:-1;95841:409:0;-1:-1:-1;;;;;95841:409:0;;:::i;51792:99::-;;;:::i;52084:214::-;;;;;;;;;;;;;;;;-1:-1:-1;52084:214:0;-1:-1:-1;;;;;52084:214:0;;:::i;108109:687::-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;108109:687:0;;-1:-1:-1;108109:687:0;-1:-1:-1;108109:687:0;:::i;94777:278::-;;;;;;;;;;;;;;;;-1:-1:-1;94777:278:0;-1:-1:-1;;;;;94777:278:0;;:::i;103618:45::-;;;;;;;;;;;;;;;;-1:-1:-1;103618:45:0;;:::i;104485:579::-;53694:6;;104650;;53694;;;;;53693:7;53685:36;;;;;-1:-1:-1;;;53685:36:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;104668:31:::1;::::0;104738:27:::1;:25;:27::i;:::-;104722:43;;104775:22;104800:7;:24;104825:10;104800:36;;;;;;;;;;;;;-1:-1:-1::0;;;;;104800:36:0::1;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;104800:36:0;;-1:-1:-1;104847:186:0::1;104873:17:::0;104904:9;104927:23;104800:36;104992:6;105012:11;;104847:12:::1;:186::i;:::-;-1:-1:-1::0;105051:6:0;-1:-1:-1;;53731:1:0::1;104485:579:::0;;;;;;:::o;77925:264::-;49639:13;:11;:13::i;:::-;-1:-1:-1;;;;;78018:24:0;::::1;77997:113;;;;-1:-1:-1::0;;;77997:113:0::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;78120:8;:21:::0;;;::::1;-1:-1:-1::0;;;;;78120:21:0;::::1;::::0;;::::1;::::0;;;78156:26:::1;::::0;::::1;::::0;-1:-1:-1;;78156:26:0::1;77925:264:::0;:::o;96619:667::-;93997:16;;-1:-1:-1;;;;;93997:16:0;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;96775:28:::1;96806:24;:22;:24::i;:::-;96775:55;;96872:1;96849:20;:24;96841:62;;;::::0;;-1:-1:-1;;;96841:62:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97082:18;;97059:20;:41;97038:118;;;::::0;;-1:-1:-1;;;97038:118:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97175:33;:16;97199:8:::0;97175:23:::1;:33::i;:::-;97167:71;;;::::0;;-1:-1:-1;;;97167:71:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97253:26;::::0;-1:-1:-1;;;;;97253:26:0;::::1;::::0;::::1;::::0;;;::::1;94055:1;96619:667:::0;:::o;77095:83::-;77163:8;;-1:-1:-1;;;;;77163:8:0;77095:83;:::o;54384:94::-;53881:7;;-1:-1:-1;;;;;53881:7:0;53867:10;:21;53859:68;;;;-1:-1:-1;;;53859:68:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54433:6:::1;:14:::0;;;::::1;::::0;;54462:9:::1;::::0;::::1;::::0;54442:5:::1;::::0;54462:9:::1;54384:94::o:0;95521:113::-;95576:7;95602:25;:16;:23;:25::i;:::-;95595:32;;95521:113;:::o;103279:31::-;;;:::o;54535:256::-;49639:13;:11;:13::i;:::-;-1:-1:-1;;;;;54627:24:0;::::1;54606:111;;;;-1:-1:-1::0;;;54606:111:0::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54727:7;:20:::0;;;::::1;-1:-1:-1::0;;;;;54727:20:0;;::::1;::::0;;;::::1;::::0;;;;54762:22:::1;::::0;54776:7;::::1;::::0;54762:22:::1;::::0;-1:-1:-1;;54762:22:0::1;54535:256:::0;:::o;110223:1877::-;53694:6;;110372:12;;53694:6;;;;;53693:7;53685:36;;;;;-1:-1:-1;;;53685:36:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;110454:50:::1;110483:7;;110492:11;;110454:28;:50::i;:::-;110515:12;110530:14;110542:1;110530:7;;:11;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;::::0;;;;-1:-1:-1;110530:11:0;;:14;-1:-1:-1;;110530:11:0::1;:14:::0;-1:-1:-1;110530:14:0:i:1;:::-;110515:29:::0;-1:-1:-1;110590:29:0::1;-1:-1:-1::0;;110590:27:0;::::1;;:29::i;:::-;110678:40;110707:11;110678:40;:25;-1:-1:-1::0;;110678:23:0;::::1;;:25::i;:::-;:40;;;110657:113;;;::::0;;-1:-1:-1;;;110657:113:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;110861:1;110824:25;-1:-1:-1::0;;110824:23:0;::::1;;:25::i;:::-;:39;110820:240;;110953:36;::::0;;;;;110978:10:::1;110953:36;::::0;::::1;::::0;;;:7:::1;::::0;:24:::1;::::0;:36;;;;;::::1;::::0;;;;;;;;:7;:36;::::1;;::::0;::::1;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;110953:36:0;110904:25:::1;-1:-1:-1::0;;110904:23:0;::::1;;:25::i;:::-;:85;110879:170;;;::::0;;-1:-1:-1;;;110879:170:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;111106:26;111125:7;111106:26;:15;-1:-1:-1::0;;111106:13:0;::::1;;:15::i;:::-;:26;;;111098:62;;;::::0;;-1:-1:-1;;;111098:62:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;111210:20;111233;-1:-1:-1::0;;111233:18:0;::::1;;:20::i;:::-;111210:43:::0;-1:-1:-1;111263:13:0::1;111279;-1:-1:-1::0;;111279:11:0;::::1;;:13::i;:::-;111263:29;;111302:23;111328:42;111348:13;111363:6;111328:19;:42::i;:::-;111388:27;::::0;;;:10:::1;:27;::::0;;;;;111302:68;;-1:-1:-1;111388:32:0;111380:63:::1;;;::::0;;-1:-1:-1;;;111380:63:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;111480:27;::::0;;;:10:::1;:27;::::0;;;;111510:1:::1;111480:31:::0;;111574:14:::1;-1:-1:-1::0;;111574:12:0;::::1;;:14::i;:::-;111556:32:::0;-1:-1:-1;111598:25:0::1;111626:27;:19;-1:-1:-1::0;;111626:17:0;::::1;;:19::i;:::-;-1:-1:-1::0;;111626:25:0::1;;:27::i;:::-;111598:55:::0;-1:-1:-1;111700:7:0::1;:24;111725:17;-1:-1:-1::0;;111725:15:0;::::1;;:17::i;:::-;111700:43;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;111700:43:0;111684:136:::1;::::0;;;;::::1;::::0;::::1;;::::0;::::1;::::0;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;;;;;111684:98:0;;::::1;::::0;::::1;::::0;111783:13;;111798:7;;111807:12;;111684:136;;;;;;;;;111700:43:::1;111684:136:::0;::::1;::::0;;;;-1:-1:-1;111684:136:0::1;;;;;;;::::0;;::::1;::::0;;;::::1;::::0;::::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;111684:136:0;111663:212:::1;;;::::0;;-1:-1:-1;;;111663:212:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;112009:6;111929:143;;111958:10;-1:-1:-1::0;;;;;111929:143:0::1;;111982:13;112029:7;112050:12;111929:143;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;;::::1;::::0;;;::::1;::::0;::::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1::0;112089:4:0::1;::::0;110223:1877;-1:-1:-1;;;;;;;;;;110223:1877:0:o;53514:26::-;;;;;;;;;:::o;52715:240::-;52761:14;52778:12;:10;:12::i;:::-;52761:29;;52839:6;-1:-1:-1;;;;;52821:24:0;:14;:12;:14::i;:::-;-1:-1:-1;;;;;52821:24:0;;52800:112;;;;-1:-1:-1;;;52800:112:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;52922:26;52941:6;52922:18;:26::i;:::-;52715:240;:::o;95270:131::-;95336:4;95359:35;:16;95385:8;95359:25;:35::i;:::-;95352:42;;95270:131;;;;:::o;103491:32::-;;;;;;:::o;54205:89::-;53881:7;;-1:-1:-1;;;;;53881:7:0;53867:10;:21;53859:68;;;;-1:-1:-1;;;53859:68:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54252:6:::1;:13:::0;;;::::1;::::0;::::1;::::0;;54280:7:::1;::::0;::::1;::::0;54252:13;;54280:7:::1;54205:89::o:0;103207:35::-;;;:::o;49746:85::-;49792:7;49818:6;-1:-1:-1;;;;;49818:6:0;49746:85;:::o;112366:220::-;49639:13;:11;:13::i;:::-;112477:18:::1;:42:::0;;;112534:45:::1;::::0;;;;;;;::::1;::::0;;;;::::1;::::0;;::::1;112366:220:::0;:::o;98502:99::-;98578:16;;-1:-1:-1;;;;;98578:16:0;98502:99;:::o;54037:81::-;54104:7;;-1:-1:-1;;;;;54104:7:0;54037:81;:::o;93395:33::-;;;;:::o;103399:::-;;;;:::o;77620:177::-;77326:8;;-1:-1:-1;;;;;77326:8:0;77312:10;:22;77304:71;;;;-1:-1:-1;;;77304:71:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;77752:38:::1;-1:-1:-1::0;;;;;77752:26:0;::::1;77779:2:::0;77783:6;77752:26:::1;:38::i;:::-;77620:177:::0;;;:::o;105886:1314::-;53694:6;;;;;;;53693:7;53685:36;;;;;-1:-1:-1;;;53685:36:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;106173:66:::1;106202:15;;106219:19;;106173:28;:66::i;:::-;106250:20;106273:22;106293:1;106273:15;;:19;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;::::0;;;;-1:-1:-1;106273:19:0;;:22;-1:-1:-1;;106273:19:0::1;:22:::0;-1:-1:-1;106273:22:0:i:1;:::-;106250:45:::0;-1:-1:-1;106341:37:0::1;-1:-1:-1::0;;106341:35:0;::::1;;:37::i;:::-;106424:15;106442:22;-1:-1:-1::0;;106442:20:0;::::1;;:22::i;:::-;106424:40;;106509:7;:24;106534:7;106509:33;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;106509:33:0;-1:-1:-1;;;;;106495:47:0::1;:10;:47;106474:127;;;;-1:-1:-1::0;;;106474:127:0::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;106646:20;106669:28;-1:-1:-1::0;;106669:26:0;::::1;;:28::i;:::-;106646:51;;106745:11;106728:28;;:13;:28;;;106707:119;;;;-1:-1:-1::0;;;106707:119:0::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;106837:25;106865:33;-1:-1:-1::0;;106865:31:0;::::1;;:33::i;:::-;106837:61:::0;-1:-1:-1;106908:18:0::1;106929:25;-1:-1:-1::0;;106929:23:0;::::1;;:25::i;:::-;106908:46:::0;-1:-1:-1;106964:13:0::1;106980:21;-1:-1:-1::0;;106980:19:0;::::1;;:21::i;:::-;106964:37;;107012:181;107038:18;107070:10;107094:20;107128:7;107149:6;107169:14;;107012:12;:181::i;:::-;53731:1;;;;;;105886:1314:::0;;;;;;;:::o;97598:779::-;93997:16;;-1:-1:-1;;;;;93997:16:0;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;97727:26;97719:66:::1;;;::::0;;-1:-1:-1;;;97719:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;97923:25;:16;:23;:25::i;:::-;97898:21;:50;;97877:129;;;::::0;;-1:-1:-1;;;97877:129:0;;::::1;;::::0;::::1;::::0;;;;;;;::::1;::::0;;;;;;;;;;;;;::::1;;98063:18;;98038:21;:43;;98017:121;;;::::0;;-1:-1:-1;;;98017:121:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;98182:18;::::0;;98210:42;;;;98267:103:::1;::::0;;;;;::::1;::::0;::::1;::::0;;;;;::::1;::::0;;;;;;;;;::::1;94055:1;97598:779:::0;:::o;98773:125::-;98839:7;98865:26;:16;98885:5;98865:19;:26::i;95841:409::-;49639:13;:11;:13::i;:::-;-1:-1:-1;;;;;95970:32:0;::::1;95949:111;;;::::0;;-1:-1:-1;;;95949:111:0;;::::1;;::::0;::::1;::::0;;;;;;;::::1;::::0;;;;;;;;;;;;;::::1;;96100:16;::::0;-1:-1:-1;;;;;96100:16:0::1;96126:39;96146:18:::0;96126:19:::1;:39::i;:::-;96224:18;-1:-1:-1::0;;;;;96180:63:0::1;96203:19;-1:-1:-1::0;;;;;96180:63:0::1;;;;;;;;;;;49662:1;95841:409:::0;:::o;51792:99::-;51871:13;;-1:-1:-1;;;;;51871:13:0;51792:99;:::o;52084:214::-;49639:13;:11;:13::i;:::-;52209::::1;:24:::0;;;::::1;-1:-1:-1::0;;;;;52209:24:0;::::1;::::0;;::::1;::::0;;;52273:7:::1;:5;:7::i;:::-;-1:-1:-1::0;;;;;52248:43:0::1;;;;;;;;;;;52084:214:::0;:::o;108109:687::-;53694:6;;108319;;53694;;;;;53693:7;53685:36;;;;;-1:-1:-1;;;53685:36:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;108358:31;108337:112:::1;;;;-1:-1:-1::0;;;108337:112:0::1;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;108460:13;108476:27;:25;:27::i;:::-;108460:43;;108513:22;108538:7;:24;108563:10;108538:36;;;;;;;;;;;;;-1:-1:-1::0;;;;;108538:36:0::1;;;;;;;;;;;;;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;::::0;::::1;;;;;;;;;;;;;;;;;;;::::0;::::1;;-1:-1:-1::0;108538:36:0;;-1:-1:-1;108585:180:0::1;108611:17:::0;108642:9;108665:17;108538:36;108724:6;108744:11;;108585:12:::1;:180::i;:::-;-1:-1:-1::0;108783:6:0;108109:687;-1:-1:-1;;;;;;108109:687:0:o;94777:278::-;93997:16;;-1:-1:-1;;;;;93997:16:0;93983:10;:30;93975:70;;;;;-1:-1:-1;;;93975:70:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;;;;;94867:25:0;::::1;94859:66;;;::::0;;-1:-1:-1;;;94859:66:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;94943:33;:16;94964:11:::0;94943:20:::1;:33::i;:::-;94935:70;;;::::0;;-1:-1:-1;;;94935:70:0;;::::1;;::::0;::::1;::::0;::::1;::::0;;;;::::1;::::0;;;;;;;;;;;;;::::1;;95020:28;::::0;-1:-1:-1;;;;;95020:28:0;::::1;::::0;::::1;::::0;;;::::1;94777:278:::0;:::o;103618:45::-;;;;;;;;;;;;;:::o;50569:187::-;50642:16;50661:6;;-1:-1:-1;;;;;50677:17:0;;;;;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;85176:150::-;85246:4;85269:50;85274:3;-1:-1:-1;;;;;85294:23:0;;85269:4;:50::i;:::-;85262:57;;85176:150;;;;;:::o;114750:206::-;114847:18;;;114875:43;;;114847:18;;;;;114896:22;;;114875:43;;;;;;;114847:18;114750:206::o;113348:836::-;113663:18;;113640:41;;;113619:117;;;;;-1:-1:-1;;;113619:117:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;113755:24;113747:62;;;;;-1:-1:-1;;;113747:62:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;113849:21;113873:233;113909:7;113930:11;113955:18;113987:6;114007:7;114028:10;114052:18;114084:12;;113873:233;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;113873:22:0;;-1:-1:-1;;;113873:233:0:i;:::-;113849:257;;114156:21;114168:8;114156:21;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;113348:836;;;;;;;;:::o;49904:130::-;49978:12;:10;:12::i;:::-;-1:-1:-1;;;;;49967:23:0;:7;:5;:7::i;:::-;-1:-1:-1;;;;;49967:23:0;;49959:68;;;;;-1:-1:-1;;;49959:68:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;49904:130::o;85494:156::-;85567:4;85590:53;85598:3;-1:-1:-1;;;;;85618:23:0;;85590:7;:53::i;85977:115::-;86040:7;86066:19;86074:3;86066:7;:19::i;100054:1327::-;100254:18;;93535:2;100236:36;100213:59;;100192:132;;;;;-1:-1:-1;;;100192:132:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;100379:30;100529:15;100557:8;;100547:19;;;;;;;;;;;;;;;;;;;;-1:-1:-1;100582:9:0;;-1:-1:-1;;;;100577:798:0;100597:18;;100593:1;:22;100577:798;;;100636:23;100662:103;93535:2;100675:19;;;100695:69;;;;100662:12;;:103;:::i;:::-;100636:129;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;100636:129:0;;-1:-1:-1;100809:92:0;;-1:-1:-1;100852:7:0;;-1:-1:-1;100636:129:0;;-1:-1:-1;100809:25:0;:92::i;:::-;100780:121;;101079:22;-1:-1:-1;;;;;101058:43:0;:18;-1:-1:-1;;;;;101058:43:0;;101033:133;;;;;-1:-1:-1;;;101033:133:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;101205:37;101223:18;101205:17;:37::i;:::-;101180:127;;;;;-1:-1:-1;;;101180:127:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;101346:18;-1:-1:-1;;100617:3:0;;100577:798;;;;100054:1327;;;;;;:::o;14861:368::-;14965:10;;14931:7;;15120:4;15111:14;;15196:26;;;;15111:14;14965:10;15196:5;:26::i;:::-;15189:33;14861:368;-1:-1:-1;;;;;14861:368:0:o;45329:248::-;45411:18;-1:-1:-1;;45411:16:0;;;:18::i;:::-;45403:48;;;;;-1:-1:-1;;;45403:48:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;41422:3;45482:14;-1:-1:-1;;45482:12:0;;;:14::i;:::-;:36;;;;45461:109;;;;;-1:-1:-1;;;45461:109:0;;;;;;;;;;;;;;;;;;;;;;;;;;;43173:184;43266:6;43302:47;-1:-1:-1;;43302:18:0;;41173:1;43347;43302:18;:47::i;43965:174::-;44058:7;44088:44;-1:-1:-1;;44088:14:0;;41370:2;44129;44088:14;:44::i;42769:135::-;42828:6;42860:36;-1:-1:-1;;42860:18:0;;42828:6;42894:1;42860:18;:36::i;42963:146::-;43027:6;43059:42;-1:-1:-1;;43059:18:0;;41116:1;;43059:18;:42::i;43409:131::-;43466:6;43498:34;-1:-1:-1;;43498:18:0;;41217:2;43530:1;43498:18;:34::i;114460:188::-;114607:33;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;114597:44;;;;;;114460:188::o;43593:123::-;43651:7;43677:32;-1:-1:-1;;43677:14:0;;41263:2;43706;43677:14;:32::i;44197:244::-;44260:7;44298:136;41422:3;;44366:14;-1:-1:-1;;44366:12:0;;;:14::i;:::-;-1:-1:-1;;44298:14:0;;;:136;;44366:35;;44298:136;44419:1;44298:14;:136::i;29304:614::-;29359:16;29387:11;29408:12;29423;29427:7;29423:3;:12::i;:::-;29408:27;;;;29553:4;29547:11;29540:18;;29608:3;29601:10;;29630:33;29643:7;29652:3;29658:4;29652:10;29630:12;:33::i;:::-;-1:-1:-1;29785:14:0;;;29801:4;29781:25;29775:4;29768:39;29848:17;;29682:230;;-1:-1:-1;29682:230:0:o;43772:129::-;43833:7;43859:35;-1:-1:-1;;43859:14:0;;41312:2;43891;43859:14;:35::i;47973:104::-;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;;;;;52594:34;52619:8;52594:24;:34::i;85731:165::-;85811:4;85834:55;85844:3;-1:-1:-1;;;;;85864:23:0;;85834:9;:55::i;73514:175::-;73623:58;;;-1:-1:-1;;;;;73623:58:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;73646:23;73623:58;;;73596:86;;73616:5;;73596:19;:86::i;86424:156::-;86498:7;86548:22;86552:3;86564:5;86548:3;:22::i;99082:122::-;99159:16;:38;;;;-1:-1:-1;;;;;99159:38:0;;;;;;;;;;99082:122::o;80387:404::-;80450:4;80471:21;80481:3;80486:5;80471:9;:21::i;:::-;80466:319;;-1:-1:-1;80508:23:0;;;;;;;;:11;:23;;;;;;;;;;;;;80688:18;;80666:19;;;:12;;;:19;;;;;;:40;;;;80720:11;;80466:319;-1:-1:-1;80769:5:0;80762:12;;42069:646;42379:12;42456:11;42485:16;42519:21;42558:9;42585:10;42613:13;42644:21;42683:11;42422:286;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;42403:305;;42069:646;;;;;;;;;;:::o;80959:1512::-;81025:4;81162:19;;;:12;;;:19;;;;;;81196:15;;81192:1273;;81625:18;;81577:14;;;;;81625:22;;;;81553:21;;81625:3;;:22;;81907;;;;;;;;;;;;;;81887:42;;82050:9;82021:3;:11;;82033:13;82021:26;;;;;;;;;;;;;;;;;;;:38;;;;82125:23;;;82167:1;82125:12;;;:23;;;;;;82151:17;;;82125:43;;82274:17;;82125:3;;82274:17;;;;;;;;;;;;;;;;;;;;;;82366:3;:12;;:19;82379:5;82366:19;;;;;;;;;;;82359:26;;;82407:4;82400:11;;;;;;;;81192:1273;82449:5;82442:12;;;;;82760:107;82842:18;;82760:107::o;101585:197::-;101709:7;101740:34;101754:7;101763:10;101740:13;:34::i;14021:443::-;14102:15;;14144:14;:4;14153;14144:8;:14::i;:::-;14129:29;;14281:4;14275:11;14269:4;14266:21;14263:2;;;-1:-1:-1;14314:1:0;14263:2;14352:9;14348:51;;-1:-1:-1;;14377:11:0;;;;;14348:51;14418:39;14439:5;14446:4;14452;14418:20;:39::i;:::-;14408:49;;14021:443;;;;;;;:::o;9896:319::-;9953:8;9977:15;9984:7;9977:6;:15::i;:::-;:31;;9996:12;9977:31;9973:52;;;-1:-1:-1;10018:5:0;10011:12;;9973:52;10034:12;10049;10053:7;10049:3;:12::i;:::-;10192:4;10186:11;-1:-1:-1;10173:26:0;;10080:129;-1:-1:-1;;;10080:129:0:o;17479:291::-;17734:2;17730:16;4424:26;17726:28;;17632:132::o;22149:191::-;22238:14;22321:6;22316:2;:11;22331:1;22315:17;22271:62;;22279:30;22285:7;22294:6;22302;22279:5;:30::i;:::-;22271:62;;;22149:191;-1:-1:-1;;;;22149:191:0:o;21126:677::-;21211:14;21241:11;;;21237:37;;-1:-1:-1;21270:1:0;21255:17;;21237:37;21308:12;21312:7;21308:3;:12::i;:::-;21287:33;;:18;:6;:18;;;:10;:18::i;:::-;:33;21283:140;;;21343:68;21359:12;21363:7;21359:3;:12::i;:::-;21343:68;;21373:12;21377:7;21373:3;:12::i;:::-;21343:68;;21387:6;21403;21395:15;;21343;:68::i;:::-;21336:76;;-1:-1:-1;;;21336:76:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;21283:140;21450:2;21440:6;:12;;;;21432:83;;;;-1:-1:-1;;;21432:83:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;21553:1;21544:10;;21526:15;21579:12;21583:7;21579:3;:12::i;:::-;21564:27;;;;21601:13;21617:19;21626:9;21617:8;:19::i;:::-;21761:17;;;;21755:24;21751:36;;;-1:-1:-1;;;;;21655:142:0:o;18337:370::-;18438:7;18457:12;18472;18476:7;18472:3;:12::i;:::-;18457:27;;;;18574:12;18578:7;18574:3;:12::i;:::-;18545:26;18566:4;18545:16;:4;18554:6;18545:8;:16::i;:::-;:20;;:26::i;:::-;:41;18541:83;;;-1:-1:-1;;18602:11:0;;;;;18541:83;18641:16;:4;18650:6;18641:8;:16::i;:::-;18634:23;;18674:26;18680:7;18674:26;;18689:4;18695;18674:5;:26::i;:::-;18667:33;18337:370;-1:-1:-1;;;;;;18337:370:0:o;28024:910::-;28102:15;28137:16;28145:7;28137;:16::i;:::-;28129:69;;;;-1:-1:-1;;;28129:69:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;28216:16;28224:7;28216;:16::i;:::-;28208:72;;;;-1:-1:-1;;;28208:72:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;28290:12;28305;28309:7;28305:3;:12::i;:::-;28290:27;;;;28327:15;28345:12;28349:7;28345:3;:12::i;:::-;28327:30;;;;28368:11;28497:4;28491:11;28484:18;;28584:7;28579:3;28576:16;28573:2;;;28624:4;28618;28611:18;28573:2;28839:4;28830:7;28824:4;28815:7;28812:1;28805:5;28794:50;28790:55;28875:52;28896:15;28903:7;28896:6;:15::i;:::-;28875:52;;28913:7;28922:4;28875:20;:52::i;82552:127::-;82625:4;82648:19;;;:12;;;;;:19;;;;;;:24;;;82552:127::o;75777:751::-;76196:23;76222:69;76250:4;76222:69;;;;;;;;;;;;;;;;;76230:5;-1:-1:-1;;;;;76222:27:0;;;:69;;;;;:::i;:::-;76305:17;;76196:95;;-1:-1:-1;76305:21:0;76301:221;;76445:10;76434:30;;;;;;;;;;;;;;;-1:-1:-1;76434:30:0;76426:85;;;;-1:-1:-1;;;76426:85:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;83199:201;83293:18;;83266:7;;83293:26;-1:-1:-1;83285:73:0;;;;-1:-1:-1;;;83285:73:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;83375:3;:11;;83387:5;83375:18;;;;;;;;;;;;;;;;83368:25;;83199:201;;;;:::o;89141:740::-;89219:7;89280:9;:16;89300:2;89280:22;89276:94;;89318:41;;;-1:-1:-1;;;89318:41:0;;;;;;;;;;;;;;;;;;;;;;;;;;;89276:94;89720:4;89705:20;;89699:27;89765:4;89750:20;;89744:27;89818:4;89803:20;;89797:27;89436:9;89789:36;89852:22;89860:4;89789:36;89699:27;89744;89852:7;:22::i;60678:175::-;60736:7;60767:5;;;60790:6;;;;60782:46;;;;;-1:-1:-1;;;60782:46:0;;;;;;;;;;;;;;;;;;;;;;;;;;;13056:426;13288:2;13284:27;;;13358:17;;;;13350:26;;;13423:17;13419:2;13415:26;;13187:289::o;15421:276::-;15640:3;15636:17;;15510:181::o;17944:113::-;17997:7;18038:12;18042:7;18038:3;:12::i;:::-;18023;18027:7;18023:3;:12::i;:::-;:27;18016:34;;;;17944:113;;;:::o;16282:373::-;16618:3;16614:17;4424:26;16610:29;;16435:214::o;19883:741::-;20029:17;20061:9;20074:15;20084:4;20074:9;:15::i;:::-;20058:31;;;20102:9;20115:15;20125:4;20115:9;:15::i;:::-;20099:31;;;20143:9;20156:17;20166:6;20156:9;:17::i;:::-;20140:33;;;20186:9;20199:17;20209:6;20199:9;:17::i;:::-;20183:33;;;20366:1;20428;20508;20570;20252:355;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;20252:355:0;;;;;;;;;;;;;;;;;;;;;;19883:741;-1:-1:-1;;;;;;;;;;;19883:741:0:o;8469:366::-;8739:66;8709:12;;;;8688:131;;8594:235::o;9374:103::-;9431:4;9455:15;9462:7;9455:6;:15::i;:::-;9454:16;;9374:103;-1:-1:-1;;9374:103:0:o;68729:193::-;68832:12;68863:52;68885:6;68893:4;68899:1;68902:12;68863:21;:52::i;90029:1414::-;90114:7;91029:66;91015:80;;;91007:127;;;;-1:-1:-1;;;91007:127:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;91152:1;:7;;91157:2;91152:7;:18;;;;91163:1;:7;;91168:2;91163:7;91152:18;91144:65;;;;-1:-1:-1;;;91144:65:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;91304:14;91321:24;91331:4;91337:1;91340;91343;91321:24;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;-1:-1:-1;;91321:24:0;;;;;;-1:-1:-1;;;;;;;91363:20:0;;91355:57;;;;;-1:-1:-1;;;91355:57:0;;;;;;;;;;;;;;;;;;;;;;;;;;;6433:556;6487:13;;6543:2;6528:202;6551:2;6547:1;:6;;;6528:202;;;6597:13;6608:1;6604:5;;6597:13;;;;6634:14;6597:13;6634:7;:14::i;:::-;6625:23;;;;;;6666:1;:7;;6671:2;6666:7;6662:58;;6703:2;6693:12;;;;;6662:58;-1:-1:-1;6555:6:0;;6528:202;;;-1:-1:-1;6793:2:0;6778:205;6801:3;6797:1;:7;;;6778:205;;;6849:13;6860:1;6856:5;;6849:13;;;;6887:14;6849:13;6887:7;:14::i;:::-;6877:24;;;;;;6919:1;:6;;6924:1;6919:6;6915:58;;6956:2;6945:13;;;;;6915:58;-1:-1:-1;6807:6:0;;6778:205;;;;6433:556;;;:::o;9144:101::-;-1:-1:-1;;9223:15:0;;;;;9144:101::o;69756:523::-;69883:12;69940:5;69915:21;:30;;69907:81;;;;-1:-1:-1;;;69907:81:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;70006:18;70017:6;70006:10;:18::i;:::-;69998:60;;;;;-1:-1:-1;;;69998:60:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;70129:12;70143:23;70170:6;-1:-1:-1;;;;;70170:11:0;70190:5;70198:4;70170:33;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;70128:75;;;;70220:52;70238:7;70247:10;70259:12;70220:17;:52::i;:::-;70213:59;69756:523;-1:-1:-1;;;;;;;69756:523:0:o;5910:199::-;5960:14;5997:18;6013:1;6007:2;:7;;;;5997:9;:18::i;:::-;5986:29;;;6051:1;6039:13;;;6073;6083:2;6073:9;:13::i;:::-;6062:24;;;;5910:199;-1:-1:-1;5910:199:0:o;65874:413::-;66234:20;66272:8;;;65874:413::o;72239:725::-;72354:12;72382:7;72378:580;;;-1:-1:-1;72412:10:0;72405:17;;72378:580;72523:17;;:21;72519:429;;72781:10;72775:17;72841:15;72828:10;72824:2;72820:19;72813:44;72730:145;72913:20;;-1:-1:-1;;;72913:20:0;;;;;;;;;;;;;;;;;72920:12;;72913:20;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;4697:1041;4749:10;4915:4;4910:9;;;;4961:15;;;;4957:35;;;4986:4;4979:11;;;;;4957:35;5010:7;:15;;5021:4;5010:15;5006:35;;;5035:4;5028:11;;;;;5006:35;5059:7;:15;;5070:4;5059:15;5055:35;;;5084:4;5077:11;;;;;5055:35;5108:7;:15;;5119:4;5108:15;5104:35;;;5133:4;5126:11;;;;;5104:35;5157:7;:15;;5168:4;5157:15;5153:35;;;5182:4;5175:11;;;;;5153:35;5206:7;:15;;5217:4;5206:15;5202:35;;;5231:4;5224:11;;;;;5202:35;5255:7;:15;;5266:4;5255:15;5251:35;;;5280:4;5273:11;;;;;5251:35;5304:7;:15;;5315:4;5304:15;5300:35;;;5329:4;5322:11;;;;;5300:35;5353:7;:15;;5364:4;5353:15;5349:35;;;5378:4;5371:11;;;;;5349:35;5402:7;:15;;5413:4;5402:15;5398:35;;;5427:4;5420:11;;;;;5398:35;5451:7;:15;;5462:4;5451:15;5447:35;;;5476:4;5469:11;;;;;5447:35;5500:7;:15;;5511:4;5500:15;5496:35;;;5525:4;5518:11;;;;;5496:35;5549:7;:15;;5560:4;5549:15;5545:35;;;5574:4;5567:11;;;;;5545:35;5598:7;:15;;5609:4;5598:15;5594:35;;;5623:4;5616:11;;;;;5594:35;5647:7;:15;;5658:4;5647:15;5643:35;;;5672:4;5665:11;;;;;5643:35;5696:7;:15;;5707:4;5696:15;5692:35;;;5721:4;5714:11;;;;;5692:35;4697:1041;;;;:::o;14:363:1:-;;;172:8;160:10;157:24;154:2;;;202:9;191;184:28;154:2;239:6;229:8;226:20;223:2;;;267:9;256;249:28;223:2;-1:-1:-1;;301:23:1;;;346:25;;;;;-1:-1:-1;144:233:1:o","abiDefinition":[{"inputs":[{"internalType":"uint32","name":"_localDomain","type":"uint32"},{"internalType":"address","name":"_attester","type":"address"},{"internalType":"uint32","name":"_maxMessageBodySize","type":"uint32"},{"internalType":"uint32","name":"_version","type":"uint32"}],"stateMutability":"nonpayable","type":"constructor"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"attester","type":"address"}],"name":"AttesterDisabled","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"attester","type":"address"}],"name":"AttesterEnabled","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousAttesterManager","type":"address"},{"indexed":true,"internalType":"address","name":"newAttesterManager","type":"address"}],"name":"AttesterManagerUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"newMaxMessageBodySize","type":"uint256"}],"name":"MaxMessageBodySizeUpdated","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"caller","type":"address"},{"indexed":false,"internalType":"uint32","name":"sourceDomain","type":"uint32"},{"indexed":true,"internalType":"uint64","name":"nonce","type":"uint64"},{"indexed":false,"internalType":"bytes32","name":"sender","type":"bytes32"},{"indexed":false,"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"MessageReceived","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"bytes","name":"message","type":"bytes"}],"name":"MessageSent","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[],"name":"Pause","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newAddress","type":"address"}],"name":"PauserChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newRescuer","type":"address"}],"name":"RescuerChanged","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"internalType":"uint256","name":"oldSignatureThreshold","type":"uint256"},{"indexed":false,"internalType":"uint256","name":"newSignatureThreshold","type":"uint256"}],"name":"SignatureThresholdUpdated","type":"event"},{"anonymous":false,"inputs":[],"name":"Unpause","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"attesterManager","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"attester","type":"address"}],"name":"disableAttester","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newAttester","type":"address"}],"name":"enableAttester","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"index","type":"uint256"}],"name":"getEnabledAttester","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"getNumEnabledAttesters","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"attester","type":"address"}],"name":"isEnabledAttester","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"localDomain","outputs":[{"internalType":"uint32","name":"","type":"uint32"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"maxMessageBodySize","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"nextAvailableNonce","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pause","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"paused","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pauser","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"bytes","name":"message","type":"bytes"},{"internalType":"bytes","name":"attestation","type":"bytes"}],"name":"receiveMessage","outputs":[{"internalType":"bool","name":"success","type":"bool"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes","name":"originalMessage","type":"bytes"},{"internalType":"bytes","name":"originalAttestation","type":"bytes"},{"internalType":"bytes","name":"newMessageBody","type":"bytes"},{"internalType":"bytes32","name":"newDestinationCaller","type":"bytes32"}],"name":"replaceMessage","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"contract IERC20","name":"tokenContract","type":"address"},{"internalType":"address","name":"to","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"rescueERC20","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"rescuer","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessage","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint32","name":"destinationDomain","type":"uint32"},{"internalType":"bytes32","name":"recipient","type":"bytes32"},{"internalType":"bytes32","name":"destinationCaller","type":"bytes32"},{"internalType":"bytes","name":"messageBody","type":"bytes"}],"name":"sendMessageWithCaller","outputs":[{"internalType":"uint64","name":"","type":"uint64"}],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"newMaxMessageBodySize","type":"uint256"}],"name":"setMaxMessageBodySize","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"uint256","name":"newSignatureThreshold","type":"uint256"}],"name":"setSignatureThreshold","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"signatureThreshold","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"unpause","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newAttesterManager","type":"address"}],"name":"updateAttesterManager","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_newPauser","type":"address"}],"name":"updatePauser","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newRescuer","type":"address"}],"name":"updateRescuer","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"bytes32","name":"","type":"bytes32"}],"name":"usedNonces","outputs":[{"internalType":"uint256","name":"","type":"uint256"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"version","outputs":[{"internalType":"uint32","name":"","type":"uint32"}],"stateMutability":"view","type":"function"}],"userDoc":{"events":{"AttesterDisabled(address)":{"notice":"Emitted when an attester is disabled"},"AttesterEnabled(address)":{"notice":"Emitted when an attester is enabled"},"MaxMessageBodySizeUpdated(uint256)":{"notice":"Emitted when max message body size is updated"},"MessageReceived(address,uint32,uint64,bytes32,bytes)":{"notice":"Emitted when a new message is received"},"MessageSent(bytes)":{"notice":"Emitted when a new message is dispatched"},"SignatureThresholdUpdated(uint256,uint256)":{"notice":"Emitted when threshold number of attestations (m in m/n multisig) is updated"}},"kind":"user","methods":{"disableAttester(address)":{"notice":"Disables an attester"},"enableAttester(address)":{"notice":"Enables an attester"},"getEnabledAttester(uint256)":{"notice":"gets enabled attester at given `index`"},"getNumEnabledAttesters()":{"notice":"returns the number of enabled attesters"},"isEnabledAttester(address)":{"notice":"returns true if given `attester` is enabled, else false"},"pauser()":{"notice":"Returns current pauser"},"receiveMessage(bytes,bytes)":{"notice":"Receive a message. Messages with a given nonce can only be broadcast once for a (sourceDomain, destinationDomain) pair. The message body of a valid message is passed to the specified recipient for further processing."},"replaceMessage(bytes,bytes,bytes,bytes32)":{"notice":"Replace a message with a new message body and/or destination caller."},"rescueERC20(address,address,uint256)":{"notice":"Rescue ERC20 tokens locked up in this contract."},"rescuer()":{"notice":"Returns current rescuer"},"sendMessage(uint32,bytes32,bytes)":{"notice":"Send the message to the destination domain and recipient"},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"notice":"Send the message to the destination domain and recipient, for a specified `destinationCaller` on the destination domain."},"setMaxMessageBodySize(uint256)":{"notice":"Sets the max message body size"},"setSignatureThreshold(uint256)":{"notice":"Sets the threshold of signatures required to attest to a message. (This is the m in m/n multisig.)"},"updateRescuer(address)":{"notice":"Assign the rescuer role to a given address."}},"notice":"Contract responsible for sending and receiving messages across chains.","version":1},"developerDoc":{"events":{"MaxMessageBodySizeUpdated(uint256)":{"params":{"newMaxMessageBodySize":"new maximum message body size, in bytes"}},"MessageReceived(address,uint32,uint64,bytes32,bytes)":{"params":{"caller":"Caller (msg.sender) on destination domain","messageBody":"message body bytes","nonce":"The nonce unique to this message","sender":"The sender of this message","sourceDomain":"The source domain this message originated from"}},"MessageSent(bytes)":{"params":{"message":"Raw bytes of message"}}},"kind":"dev","methods":{"acceptOwnership()":{"details":"The new owner accepts the ownership transfer."},"attesterManager()":{"details":"Returns the address of the attester manager","returns":{"_0":"address of the attester manager"}},"disableAttester(address)":{"details":"Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold. (Attester must be currently enabled.)","params":{"attester":"attester to disable"}},"enableAttester(address)":{"details":"Only callable by attesterManager. New attester must be nonzero, and currently disabled.","params":{"newAttester":"attester to enable"}},"getEnabledAttester(uint256)":{"params":{"index":"index of attester to check"},"returns":{"_0":"enabled attester at given `index`"}},"getNumEnabledAttesters()":{"returns":{"_0":"number of enabled attesters"}},"isEnabledAttester(address)":{"params":{"attester":"attester to check enabled status of"},"returns":{"_0":"true if given `attester` is enabled, else false"}},"owner()":{"details":"Returns the address of the current owner."},"pause()":{"details":"called by the owner to pause, triggers stopped state"},"pauser()":{"returns":{"_0":"Pauser's address"}},"pendingOwner()":{"details":"Returns the address of the pending owner."},"receiveMessage(bytes,bytes)":{"details":"Attestation format: A valid attestation is the concatenated 65-byte signature(s) of exactly `thresholdSignature` signatures, in increasing order of attester address. ***If the attester addresses recovered from signatures are not in increasing order, signature verification will fail.*** If incorrect number of signatures or duplicate signatures are supplied, signature verification will fail. Message format: Field Bytes Type Index version 4 uint32 0 sourceDomain 4 uint32 4 destinationDomain 4 uint32 8 nonce 8 uint64 12 sender 32 bytes32 20 recipient 32 bytes32 52 messageBody dynamic bytes 84","params":{"attestation":"Concatenated 65-byte signature(s) of `message`, in increasing order of the attester address recovered from signatures.","message":"Message bytes"},"returns":{"success":"bool, true if successful"}},"replaceMessage(bytes,bytes,bytes,bytes32)":{"details":"The `originalAttestation` must be a valid attestation of `originalMessage`. Reverts if msg.sender does not match sender of original message, or if the source domain of the original message does not match this MessageTransmitter's local domain.","params":{"newDestinationCaller":"the new destination caller, which may be the same as the original destination caller, a new destination caller, or an empty destination caller (bytes32(0), indicating that any destination caller is valid.)","newMessageBody":"new message body of replaced message","originalAttestation":"attestation of `originalMessage`","originalMessage":"original message to replace"}},"rescueERC20(address,address,uint256)":{"params":{"amount":"Amount to withdraw","to":"Recipient address","tokenContract":"ERC20 token contract address"}},"rescuer()":{"returns":{"_0":"Rescuer's address"}},"sendMessage(uint32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information.","params":{"destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination chain as bytes32"},"returns":{"_0":"nonce reserved by message"}},"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":{"details":"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.","params":{"destinationCaller":"caller on the destination domain, as bytes32","destinationDomain":"Domain of destination chain","messageBody":"Raw bytes content of message","recipient":"Address of message recipient on destination domain as bytes32"},"returns":{"_0":"nonce reserved by message"}},"setMaxMessageBodySize(uint256)":{"details":"This value should not be reduced without good reason, to avoid impacting users who rely on large messages.","params":{"newMaxMessageBodySize":"new max message body size, in bytes"}},"setSignatureThreshold(uint256)":{"details":"new signature threshold must be nonzero, and must not exceed number of enabled attesters.","params":{"newSignatureThreshold":"new signature threshold"}},"transferOwnership(address)":{"details":"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner."},"unpause()":{"details":"called by the owner to unpause, returns to normal state"},"updateAttesterManager(address)":{"details":"Allows the current attester manager to transfer control of the contract to a newAttesterManager.","params":{"newAttesterManager":"The address to update attester manager to."}},"updatePauser(address)":{"details":"update the pauser role"},"updateRescuer(address)":{"params":{"newRescuer":"New rescuer's address"}}},"title":"MessageTransmitter","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"_localDomain\",\"type\":\"uint32\"},{\"internalType\":\"address\",\"name\":\"_attester\",\"type\":\"address\"},{\"internalType\":\"uint32\",\"name\":\"_maxMessageBodySize\",\"type\":\"uint32\"},{\"internalType\":\"uint32\",\"name\":\"_version\",\"type\":\"uint32\"}],\"stateMutability\":\"nonpayable\",\"type\":\"constructor\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"AttesterDisabled\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"AttesterEnabled\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousAttesterManager\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newAttesterManager\",\"type\":\"address\"}],\"name\":\"AttesterManagerUpdated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"newMaxMessageBodySize\",\"type\":\"uint256\"}],\"name\":\"MaxMessageBodySizeUpdated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"caller\",\"type\":\"address\"},{\"indexed\":false,\"internalType\":\"uint32\",\"name\":\"sourceDomain\",\"type\":\"uint32\"},{\"indexed\":true,\"internalType\":\"uint64\",\"name\":\"nonce\",\"type\":\"uint64\"},{\"indexed\":false,\"internalType\":\"bytes32\",\"name\":\"sender\",\"type\":\"bytes32\"},{\"indexed\":false,\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"MessageReceived\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"}],\"name\":\"MessageSent\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferStarted\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[],\"name\":\"Pause\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newAddress\",\"type\":\"address\"}],\"name\":\"PauserChanged\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newRescuer\",\"type\":\"address\"}],\"name\":\"RescuerChanged\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"oldSignatureThreshold\",\"type\":\"uint256\"},{\"indexed\":false,\"internalType\":\"uint256\",\"name\":\"newSignatureThreshold\",\"type\":\"uint256\"}],\"name\":\"SignatureThresholdUpdated\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[],\"name\":\"Unpause\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"acceptOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"attesterManager\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"disableAttester\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newAttester\",\"type\":\"address\"}],\"name\":\"enableAttester\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"index\",\"type\":\"uint256\"}],\"name\":\"getEnabledAttester\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"getNumEnabledAttesters\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"attester\",\"type\":\"address\"}],\"name\":\"isEnabledAttester\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"localDomain\",\"outputs\":[{\"internalType\":\"uint32\",\"name\":\"\",\"type\":\"uint32\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"maxMessageBodySize\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"nextAvailableNonce\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pause\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"paused\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pauser\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pendingOwner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"message\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"attestation\",\"type\":\"bytes\"}],\"name\":\"receiveMessage\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"success\",\"type\":\"bool\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"bytes\",\"name\":\"originalMessage\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"originalAttestation\",\"type\":\"bytes\"},{\"internalType\":\"bytes\",\"name\":\"newMessageBody\",\"type\":\"bytes\"},{\"internalType\":\"bytes32\",\"name\":\"newDestinationCaller\",\"type\":\"bytes32\"}],\"name\":\"replaceMessage\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"contract IERC20\",\"name\":\"tokenContract\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"to\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"rescueERC20\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"rescuer\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessage\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint32\",\"name\":\"destinationDomain\",\"type\":\"uint32\"},{\"internalType\":\"bytes32\",\"name\":\"recipient\",\"type\":\"bytes32\"},{\"internalType\":\"bytes32\",\"name\":\"destinationCaller\",\"type\":\"bytes32\"},{\"internalType\":\"bytes\",\"name\":\"messageBody\",\"type\":\"bytes\"}],\"name\":\"sendMessageWithCaller\",\"outputs\":[{\"internalType\":\"uint64\",\"name\":\"\",\"type\":\"uint64\"}],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"newMaxMessageBodySize\",\"type\":\"uint256\"}],\"name\":\"setMaxMessageBodySize\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"uint256\",\"name\":\"newSignatureThreshold\",\"type\":\"uint256\"}],\"name\":\"setSignatureThreshold\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"signatureThreshold\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"unpause\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newAttesterManager\",\"type\":\"address\"}],\"name\":\"updateAttesterManager\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"_newPauser\",\"type\":\"address\"}],\"name\":\"updatePauser\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newRescuer\",\"type\":\"address\"}],\"name\":\"updateRescuer\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"bytes32\",\"name\":\"\",\"type\":\"bytes32\"}],\"name\":\"usedNonces\",\"outputs\":[{\"internalType\":\"uint256\",\"name\":\"\",\"type\":\"uint256\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"version\",\"outputs\":[{\"internalType\":\"uint32\",\"name\":\"\",\"type\":\"uint32\"}],\"stateMutability\":\"view\",\"type\":\"function\"}],\"devdoc\":{\"events\":{\"MaxMessageBodySizeUpdated(uint256)\":{\"params\":{\"newMaxMessageBodySize\":\"new maximum message body size, in bytes\"}},\"MessageReceived(address,uint32,uint64,bytes32,bytes)\":{\"params\":{\"caller\":\"Caller (msg.sender) on destination domain\",\"messageBody\":\"message body bytes\",\"nonce\":\"The nonce unique to this message\",\"sender\":\"The sender of this message\",\"sourceDomain\":\"The source domain this message originated from\"}},\"MessageSent(bytes)\":{\"params\":{\"message\":\"Raw bytes of message\"}}},\"kind\":\"dev\",\"methods\":{\"acceptOwnership()\":{\"details\":\"The new owner accepts the ownership transfer.\"},\"attesterManager()\":{\"details\":\"Returns the address of the attester manager\",\"returns\":{\"_0\":\"address of the attester manager\"}},\"disableAttester(address)\":{\"details\":\"Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold. (Attester must be currently enabled.)\",\"params\":{\"attester\":\"attester to disable\"}},\"enableAttester(address)\":{\"details\":\"Only callable by attesterManager. New attester must be nonzero, and currently disabled.\",\"params\":{\"newAttester\":\"attester to enable\"}},\"getEnabledAttester(uint256)\":{\"params\":{\"index\":\"index of attester to check\"},\"returns\":{\"_0\":\"enabled attester at given `index`\"}},\"getNumEnabledAttesters()\":{\"returns\":{\"_0\":\"number of enabled attesters\"}},\"isEnabledAttester(address)\":{\"params\":{\"attester\":\"attester to check enabled status of\"},\"returns\":{\"_0\":\"true if given `attester` is enabled, else false\"}},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"pause()\":{\"details\":\"called by the owner to pause, triggers stopped state\"},\"pauser()\":{\"returns\":{\"_0\":\"Pauser's address\"}},\"pendingOwner()\":{\"details\":\"Returns the address of the pending owner.\"},\"receiveMessage(bytes,bytes)\":{\"details\":\"Attestation format: A valid attestation is the concatenated 65-byte signature(s) of exactly `thresholdSignature` signatures, in increasing order of attester address. ***If the attester addresses recovered from signatures are not in increasing order, signature verification will fail.*** If incorrect number of signatures or duplicate signatures are supplied, signature verification will fail. Message format: Field Bytes Type Index version 4 uint32 0 sourceDomain 4 uint32 4 destinationDomain 4 uint32 8 nonce 8 uint64 12 sender 32 bytes32 20 recipient 32 bytes32 52 messageBody dynamic bytes 84\",\"params\":{\"attestation\":\"Concatenated 65-byte signature(s) of `message`, in increasing order of the attester address recovered from signatures.\",\"message\":\"Message bytes\"},\"returns\":{\"success\":\"bool, true if successful\"}},\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"details\":\"The `originalAttestation` must be a valid attestation of `originalMessage`. Reverts if msg.sender does not match sender of original message, or if the source domain of the original message does not match this MessageTransmitter's local domain.\",\"params\":{\"newDestinationCaller\":\"the new destination caller, which may be the same as the original destination caller, a new destination caller, or an empty destination caller (bytes32(0), indicating that any destination caller is valid.)\",\"newMessageBody\":\"new message body of replaced message\",\"originalAttestation\":\"attestation of `originalMessage`\",\"originalMessage\":\"original message to replace\"}},\"rescueERC20(address,address,uint256)\":{\"params\":{\"amount\":\"Amount to withdraw\",\"to\":\"Recipient address\",\"tokenContract\":\"ERC20 token contract address\"}},\"rescuer()\":{\"returns\":{\"_0\":\"Rescuer's address\"}},\"sendMessage(uint32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information.\",\"params\":{\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination chain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"details\":\"Increment nonce, format the message, and emit `MessageSent` event with message information. WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible to broadcast the message on the destination domain. This is an advanced feature, and the standard sendMessage() should be preferred for use cases where a specific destination caller is not required.\",\"params\":{\"destinationCaller\":\"caller on the destination domain, as bytes32\",\"destinationDomain\":\"Domain of destination chain\",\"messageBody\":\"Raw bytes content of message\",\"recipient\":\"Address of message recipient on destination domain as bytes32\"},\"returns\":{\"_0\":\"nonce reserved by message\"}},\"setMaxMessageBodySize(uint256)\":{\"details\":\"This value should not be reduced without good reason, to avoid impacting users who rely on large messages.\",\"params\":{\"newMaxMessageBodySize\":\"new max message body size, in bytes\"}},\"setSignatureThreshold(uint256)\":{\"details\":\"new signature threshold must be nonzero, and must not exceed number of enabled attesters.\",\"params\":{\"newSignatureThreshold\":\"new signature threshold\"}},\"transferOwnership(address)\":{\"details\":\"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner.\"},\"unpause()\":{\"details\":\"called by the owner to unpause, returns to normal state\"},\"updateAttesterManager(address)\":{\"details\":\"Allows the current attester manager to transfer control of the contract to a newAttesterManager.\",\"params\":{\"newAttesterManager\":\"The address to update attester manager to.\"}},\"updatePauser(address)\":{\"details\":\"update the pauser role\"},\"updateRescuer(address)\":{\"params\":{\"newRescuer\":\"New rescuer's address\"}}},\"title\":\"MessageTransmitter\",\"version\":1},\"userdoc\":{\"events\":{\"AttesterDisabled(address)\":{\"notice\":\"Emitted when an attester is disabled\"},\"AttesterEnabled(address)\":{\"notice\":\"Emitted when an attester is enabled\"},\"MaxMessageBodySizeUpdated(uint256)\":{\"notice\":\"Emitted when max message body size is updated\"},\"MessageReceived(address,uint32,uint64,bytes32,bytes)\":{\"notice\":\"Emitted when a new message is received\"},\"MessageSent(bytes)\":{\"notice\":\"Emitted when a new message is dispatched\"},\"SignatureThresholdUpdated(uint256,uint256)\":{\"notice\":\"Emitted when threshold number of attestations (m in m/n multisig) is updated\"}},\"kind\":\"user\",\"methods\":{\"disableAttester(address)\":{\"notice\":\"Disables an attester\"},\"enableAttester(address)\":{\"notice\":\"Enables an attester\"},\"getEnabledAttester(uint256)\":{\"notice\":\"gets enabled attester at given `index`\"},\"getNumEnabledAttesters()\":{\"notice\":\"returns the number of enabled attesters\"},\"isEnabledAttester(address)\":{\"notice\":\"returns true if given `attester` is enabled, else false\"},\"pauser()\":{\"notice\":\"Returns current pauser\"},\"receiveMessage(bytes,bytes)\":{\"notice\":\"Receive a message. Messages with a given nonce can only be broadcast once for a (sourceDomain, destinationDomain) pair. The message body of a valid message is passed to the specified recipient for further processing.\"},\"replaceMessage(bytes,bytes,bytes,bytes32)\":{\"notice\":\"Replace a message with a new message body and/or destination caller.\"},\"rescueERC20(address,address,uint256)\":{\"notice\":\"Rescue ERC20 tokens locked up in this contract.\"},\"rescuer()\":{\"notice\":\"Returns current rescuer\"},\"sendMessage(uint32,bytes32,bytes)\":{\"notice\":\"Send the message to the destination domain and recipient\"},\"sendMessageWithCaller(uint32,bytes32,bytes32,bytes)\":{\"notice\":\"Send the message to the destination domain and recipient, for a specified `destinationCaller` on the destination domain.\"},\"setMaxMessageBodySize(uint256)\":{\"notice\":\"Sets the max message body size\"},\"setSignatureThreshold(uint256)\":{\"notice\":\"Sets the threshold of signatures required to attest to a message. (This is the m in m/n multisig.)\"},\"updateRescuer(address)\":{\"notice\":\"Assign the rescuer role to a given address.\"}},\"notice\":\"Contract responsible for sending and receiving messages across chains.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"MessageTransmitter\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"acceptOwnership()":"79ba5097","attesterManager()":"9b0d94b7","disableAttester(address)":"2d025080","enableAttester(address)":"fae36879","getEnabledAttester(uint256)":"beb673d8","getNumEnabledAttesters()":"51079a53","isEnabledAttester(address)":"7af82f60","localDomain()":"8d3638f4","maxMessageBodySize()":"af47b9bb","nextAvailableNonce()":"8371744e","owner()":"8da5cb5b","pause()":"8456cb59","paused()":"5c975abb","pauser()":"9fd0506d","pendingOwner()":"e30c3978","receiveMessage(bytes,bytes)":"57ecfd28","replaceMessage(bytes,bytes,bytes,bytes32)":"b857b774","rescueERC20(address,address,uint256)":"b2118a8d","rescuer()":"38a63183","sendMessage(uint32,bytes32,bytes)":"0ba469bc","sendMessageWithCaller(uint32,bytes32,bytes32,bytes)":"f7259a75","setMaxMessageBodySize(uint256)":"92492c68","setSignatureThreshold(uint256)":"bbde5374","signatureThreshold()":"a82f2e26","transferOwnership(address)":"f2fde38b","unpause()":"3f4ba83a","updateAttesterManager(address)":"de7769d4","updatePauser(address)":"554bab3c","updateRescuer(address)":"2ab60045","usedNonces(bytes32)":"feb61724","version()":"54fd4d50"}},"/solidity/MessageTransmitter.sol:Ownable":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol Modifications: 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used as base because it includes internal _transferOwnership method.) 2. Remove renounceOwnership function Description Contract module which provides a basic access control mechanism, where there is an account (an owner) that can be granted exclusive access to specific functions. By default, the owner account will be the one that deploys the contract. This can later be changed with {transferOwnership}. This module is used through inheritance. It will make available the modifier `onlyOwner`, which can be applied to your functions to restrict their use to the owner.","kind":"dev","methods":{"constructor":{"details":"Initializes the contract setting the deployer as the initial owner."},"owner()":{"details":"Returns the address of the current owner."},"transferOwnership(address)":{"details":"Transfers ownership of the contract to a new account (`newOwner`). Can only be called by the current owner."}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol Modifications: 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used as base because it includes internal _transferOwnership method.) 2. Remove renounceOwnership function Description Contract module which provides a basic access control mechanism, where there is an account (an owner) that can be granted exclusive access to specific functions. By default, the owner account will be the one that deploys the contract. This can later be changed with {transferOwnership}. This module is used through inheritance. It will make available the modifier `onlyOwner`, which can be applied to your functions to restrict their use to the owner.\",\"kind\":\"dev\",\"methods\":{\"constructor\":{\"details\":\"Initializes the contract setting the deployer as the initial owner.\"},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"transferOwnership(address)\":{\"details\":\"Transfers ownership of the contract to a new account (`newOwner`). Can only be called by the current owner.\"}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Ownable\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"owner()":"8da5cb5b","transferOwnership(address)":"f2fde38b"}},"/solidity/MessageTransmitter.sol:Ownable2Step":{"code":"0x","runtime-code":"0x","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"","srcMapRuntime":"","abiDefinition":[{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol Modifications: 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used as base because this contract was added to OZ repo after version 0.8.0. Contract module which provides access control mechanism, where there is an account (an owner) that can be granted exclusive access to specific functions. By default, the owner account will be the one that deploys the contract. This can later be changed with {transferOwnership} and {acceptOwnership}. This module is used through inheritance. It will make available all functions from parent (Ownable).","kind":"dev","methods":{"acceptOwnership()":{"details":"The new owner accepts the ownership transfer."},"owner()":{"details":"Returns the address of the current owner."},"pendingOwner()":{"details":"Returns the address of the pending owner."},"transferOwnership(address)":{"details":"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner."}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferStarted\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"acceptOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pendingOwner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol Modifications: 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used as base because this contract was added to OZ repo after version 0.8.0. Contract module which provides access control mechanism, where there is an account (an owner) that can be granted exclusive access to specific functions. By default, the owner account will be the one that deploys the contract. This can later be changed with {transferOwnership} and {acceptOwnership}. This module is used through inheritance. It will make available all functions from parent (Ownable).\",\"kind\":\"dev\",\"methods\":{\"acceptOwnership()\":{\"details\":\"The new owner accepts the ownership transfer.\"},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"pendingOwner()\":{\"details\":\"Returns the address of the pending owner.\"},\"transferOwnership(address)\":{\"details\":\"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner.\"}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Ownable2Step\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"acceptOwnership()":"79ba5097","owner()":"8da5cb5b","pendingOwner()":"e30c3978","transferOwnership(address)":"f2fde38b"}},"/solidity/MessageTransmitter.sol:Pausable":{"code":"0x60806040526002805460ff60a01b1916905534801561001d57600080fd5b5061002e610029610033565b610037565b6100ae565b3390565b600180546001600160a01b031916905561005b8161005e602090811b6105bb17901c565b50565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6107b8806100bd6000396000f3fe608060405234801561001057600080fd5b50600436106100a35760003560e01c80638456cb59116100765780639fd0506d1161005b5780639fd0506d14610142578063e30c39781461014a578063f2fde38b14610152576100a3565b80638456cb59146101095780638da5cb5b14610111576100a3565b80633f4ba83a146100a8578063554bab3c146100b25780635c975abb146100e557806379ba509714610101575b600080fd5b6100b0610185565b005b6100b0600480360360208110156100c857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610248565b6100ed610331565b604080519115158252519081900360200190f35b6100b0610352565b6100b06103f5565b6101196104cf565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b6101196104eb565b610119610507565b6100b06004803603602081101561016857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610523565b60025473ffffffffffffffffffffffffffffffffffffffff1633146101f5576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806107616022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff1690556040517f7805862f689e2f13df9f062ff482ad3ad112aca9e0847911ed832e158c525b3390600090a1565b610250610630565b73ffffffffffffffffffffffffffffffffffffffff81166102bc576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260288152602001806107106028913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83811691909117918290556040519116907fb80482a293ca2e013eda8683c9bd7fc8347cfdaeea5ede58cba46df502c2a60490600090a250565b60025474010000000000000000000000000000000000000000900460ff1681565b600061035c6106da565b90508073ffffffffffffffffffffffffffffffffffffffff1661037d610507565b73ffffffffffffffffffffffffffffffffffffffff16146103e9576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260298152602001806107386029913960400191505060405180910390fd5b6103f2816106de565b50565b60025473ffffffffffffffffffffffffffffffffffffffff163314610465576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806107616022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff16740100000000000000000000000000000000000000001790556040517f6985a02210a168e66602d3235cb6db0e70f92b3ba4d376a33c0f3d9434bff62590600090a1565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60025473ffffffffffffffffffffffffffffffffffffffff1690565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b61052b610630565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83169081179091556105766104cf565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6106386106da565b73ffffffffffffffffffffffffffffffffffffffff166106566104cf565b73ffffffffffffffffffffffffffffffffffffffff16146106d857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556103f2816105bb56fe5061757361626c653a206e65772070617573657220697320746865207a65726f20616464726573734f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e65725061757361626c653a2063616c6c6572206973206e6f742074686520706175736572a264697066735822122032a3fbfc8c028f60210e0b9ce54aac646ede4563efc487a16a16868056543a2e64736f6c63430007060033","runtime-code":"0x608060405234801561001057600080fd5b50600436106100a35760003560e01c80638456cb59116100765780639fd0506d1161005b5780639fd0506d14610142578063e30c39781461014a578063f2fde38b14610152576100a3565b80638456cb59146101095780638da5cb5b14610111576100a3565b80633f4ba83a146100a8578063554bab3c146100b25780635c975abb146100e557806379ba509714610101575b600080fd5b6100b0610185565b005b6100b0600480360360208110156100c857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610248565b6100ed610331565b604080519115158252519081900360200190f35b6100b0610352565b6100b06103f5565b6101196104cf565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b6101196104eb565b610119610507565b6100b06004803603602081101561016857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610523565b60025473ffffffffffffffffffffffffffffffffffffffff1633146101f5576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806107616022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff1690556040517f7805862f689e2f13df9f062ff482ad3ad112aca9e0847911ed832e158c525b3390600090a1565b610250610630565b73ffffffffffffffffffffffffffffffffffffffff81166102bc576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260288152602001806107106028913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83811691909117918290556040519116907fb80482a293ca2e013eda8683c9bd7fc8347cfdaeea5ede58cba46df502c2a60490600090a250565b60025474010000000000000000000000000000000000000000900460ff1681565b600061035c6106da565b90508073ffffffffffffffffffffffffffffffffffffffff1661037d610507565b73ffffffffffffffffffffffffffffffffffffffff16146103e9576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260298152602001806107386029913960400191505060405180910390fd5b6103f2816106de565b50565b60025473ffffffffffffffffffffffffffffffffffffffff163314610465576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260228152602001806107616022913960400191505060405180910390fd5b600280547fffffffffffffffffffffff00ffffffffffffffffffffffffffffffffffffffff16740100000000000000000000000000000000000000001790556040517f6985a02210a168e66602d3235cb6db0e70f92b3ba4d376a33c0f3d9434bff62590600090a1565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60025473ffffffffffffffffffffffffffffffffffffffff1690565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b61052b610630565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83169081179091556105766104cf565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6106386106da565b73ffffffffffffffffffffffffffffffffffffffff166106566104cf565b73ffffffffffffffffffffffffffffffffffffffff16146106d857604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556103f2816105bb56fe5061757361626c653a206e65772070617573657220697320746865207a65726f20616464726573734f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e65725061757361626c653a2063616c6c6572206973206e6f742074686520706175736572a264697066735822122032a3fbfc8c028f60210e0b9ce54aac646ede4563efc487a16a16868056543a2e64736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"53351:1442:0:-:0;;;53514:26;;;-1:-1:-1;;;;53514:26:0;;;53351:1442;;;;;;;;;-1:-1:-1;49481:32:0;49500:12;:10;:12::i;:::-;49481:18;:32::i;:::-;53351:1442;;47973:104;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;-1:-1:-1;;;;;;52564:20:0;;;52594:34;52619:8;52594:24;;;;;;;:34;;:::i;:::-;52482:153;:::o;50569:187::-;50642:16;50661:6;;-1:-1:-1;;;;;50677:17:0;;;-1:-1:-1;;;;;;50677:17:0;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;53351:1442::-;;;;;;;","srcMapRuntime":"53351:1442:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54384:94;;;:::i;:::-;;54535:256;;;;;;;;;;;;;;;;-1:-1:-1;54535:256:0;;;;:::i;53514:26::-;;;:::i;:::-;;;;;;;;;;;;;;;;;;52715:240;;;:::i;54205:89::-;;;:::i;49746:85::-;;;:::i;:::-;;;;;;;;;;;;;;;;;;;54037:81;;;:::i;51792:99::-;;;:::i;52084:214::-;;;;;;;;;;;;;;;;-1:-1:-1;52084:214:0;;;;:::i;54384:94::-;53881:7;;;;53867:10;:21;53859:68;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54433:6:::1;:14:::0;;;::::1;::::0;;54462:9:::1;::::0;::::1;::::0;54442:5:::1;::::0;54462:9:::1;54384:94::o:0;54535:256::-;49639:13;:11;:13::i;:::-;54627:24:::1;::::0;::::1;54606:111;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54727:7;:20:::0;;;::::1;;::::0;;::::1;::::0;;;::::1;::::0;;;;54762:22:::1;::::0;54776:7;::::1;::::0;54762:22:::1;::::0;-1:-1:-1;;54762:22:0::1;54535:256:::0;:::o;53514:26::-;;;;;;;;;:::o;52715:240::-;52761:14;52778:12;:10;:12::i;:::-;52761:29;;52839:6;52821:24;;:14;:12;:14::i;:::-;:24;;;52800:112;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;52922:26;52941:6;52922:18;:26::i;:::-;52715:240;:::o;54205:89::-;53881:7;;;;53867:10;:21;53859:68;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;54252:6:::1;:13:::0;;;::::1;::::0;::::1;::::0;;54280:7:::1;::::0;::::1;::::0;54252:13;;54280:7:::1;54205:89::o:0;49746:85::-;49792:7;49818:6;;;49746:85;:::o;54037:81::-;54104:7;;;;54037:81;:::o;51792:99::-;51871:13;;;;51792:99;:::o;52084:214::-;49639:13;:11;:13::i;:::-;52209::::1;:24:::0;;;::::1;;::::0;::::1;::::0;;::::1;::::0;;;52273:7:::1;:5;:7::i;:::-;52248:43;;;;;;;;;;;;52084:214:::0;:::o;50569:187::-;50642:16;50661:6;;;50677:17;;;;;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;49904:130::-;49978:12;:10;:12::i;:::-;49967:23;;:7;:5;:7::i;:::-;:23;;;49959:68;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;49904:130::o;47973:104::-;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;;;;;52594:34;52619:8;52594:24;:34::i","abiDefinition":[{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[],"name":"Pause","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newAddress","type":"address"}],"name":"PauserChanged","type":"event"},{"anonymous":false,"inputs":[],"name":"Unpause","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pause","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"paused","outputs":[{"internalType":"bool","name":"","type":"bool"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pauser","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"unpause","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"_newPauser","type":"address"}],"name":"updatePauser","outputs":[],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"pauser()":{"notice":"Returns current pauser"}},"notice":"Base contract which allows children to implement an emergency stop mechanism","version":1},"developerDoc":{"details":"Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol Modifications: 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022) 2. Change pauser visibility to private, declare external getter (11/19/22)","kind":"dev","methods":{"acceptOwnership()":{"details":"The new owner accepts the ownership transfer."},"owner()":{"details":"Returns the address of the current owner."},"pause()":{"details":"called by the owner to pause, triggers stopped state"},"pauser()":{"returns":{"_0":"Pauser's address"}},"pendingOwner()":{"details":"Returns the address of the pending owner."},"transferOwnership(address)":{"details":"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner."},"unpause()":{"details":"called by the owner to unpause, returns to normal state"},"updatePauser(address)":{"details":"update the pauser role"}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferStarted\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[],\"name\":\"Pause\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newAddress\",\"type\":\"address\"}],\"name\":\"PauserChanged\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[],\"name\":\"Unpause\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"acceptOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pause\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"paused\",\"outputs\":[{\"internalType\":\"bool\",\"name\":\"\",\"type\":\"bool\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pauser\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pendingOwner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"unpause\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"_newPauser\",\"type\":\"address\"}],\"name\":\"updatePauser\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol Modifications: 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022) 2. Change pauser visibility to private, declare external getter (11/19/22)\",\"kind\":\"dev\",\"methods\":{\"acceptOwnership()\":{\"details\":\"The new owner accepts the ownership transfer.\"},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"pause()\":{\"details\":\"called by the owner to pause, triggers stopped state\"},\"pauser()\":{\"returns\":{\"_0\":\"Pauser's address\"}},\"pendingOwner()\":{\"details\":\"Returns the address of the pending owner.\"},\"transferOwnership(address)\":{\"details\":\"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner.\"},\"unpause()\":{\"details\":\"called by the owner to unpause, returns to normal state\"},\"updatePauser(address)\":{\"details\":\"update the pauser role\"}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"pauser()\":{\"notice\":\"Returns current pauser\"}},\"notice\":\"Base contract which allows children to implement an emergency stop mechanism\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Pausable\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"acceptOwnership()":"79ba5097","owner()":"8da5cb5b","pause()":"8456cb59","paused()":"5c975abb","pauser()":"9fd0506d","pendingOwner()":"e30c3978","transferOwnership(address)":"f2fde38b","unpause()":"3f4ba83a","updatePauser(address)":"554bab3c"}},"/solidity/MessageTransmitter.sol:Rescuable":{"code":"0x608060405234801561001057600080fd5b5061002161001c610026565b61002a565b6100a1565b3390565b600180546001600160a01b031916905561004e81610051602090811b61047e17901c565b50565b600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b610ac6806100b06000396000f3fe608060405234801561001057600080fd5b506004361061007d5760003560e01c80638da5cb5b1161005b5780638da5cb5b146100f0578063b2118a8d146100f8578063e30c39781461013b578063f2fde38b146101435761007d565b80632ab600451461008257806338a63183146100b757806379ba5097146100e8575b600080fd5b6100b56004803603602081101561009857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610176565b005b6100bf610259565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b6100b5610275565b6100bf610318565b6100b56004803603606081101561010e57600080fd5b5073ffffffffffffffffffffffffffffffffffffffff813581169160208101359091169060400135610334565b6100bf6103ca565b6100b56004803603602081101561015957600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166103e6565b61017e6104f3565b73ffffffffffffffffffffffffffffffffffffffff81166101ea576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602a8152602001806109f3602a913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83169081179091556040517fe475e580d85111348e40d8ca33cfdd74c30fe1655c2d8537a13abc10065ffa5a90600090a250565b60025473ffffffffffffffffffffffffffffffffffffffff1690565b600061027f61059d565b90508073ffffffffffffffffffffffffffffffffffffffff166102a06103ca565b73ffffffffffffffffffffffffffffffffffffffff161461030c576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260298152602001806109ca6029913960400191505060405180910390fd5b610315816105a1565b50565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60025473ffffffffffffffffffffffffffffffffffffffff1633146103a4576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401808060200182810382526024815260200180610a436024913960400191505060405180910390fd5b6103c573ffffffffffffffffffffffffffffffffffffffff841683836105d2565b505050565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b6103ee6104f3565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff8316908117909155610439610318565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6104fb61059d565b73ffffffffffffffffffffffffffffffffffffffff16610519610318565b73ffffffffffffffffffffffffffffffffffffffff161461059b57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556103158161047e565b6040805173ffffffffffffffffffffffffffffffffffffffff8416602482015260448082018490528251808303909101815260649091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fa9059cbb000000000000000000000000000000000000000000000000000000001790526103c590849060006106bc826040518060400160405280602081526020017f5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c65648152508573ffffffffffffffffffffffffffffffffffffffff166107329092919063ffffffff16565b8051909150156103c5578080602001905160208110156106db57600080fd5b50516103c5576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602a815260200180610a67602a913960400191505060405180910390fd5b6060610741848460008561074b565b90505b9392505050565b6060824710156107a6576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401808060200182810382526026815260200180610a1d6026913960400191505060405180910390fd5b6107af85610905565b61081a57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000604482015290519081900360640190fd5b6000808673ffffffffffffffffffffffffffffffffffffffff1685876040518082805190602001908083835b6020831061088357805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101610846565b6001836020036101000a03801982511681845116808217855250505050505090500191505060006040518083038185875af1925050503d80600081146108e5576040519150601f19603f3d011682016040523d82523d6000602084013e6108ea565b606091505b50915091506108fa82828661090b565b979650505050505050565b3b151590565b6060831561091a575081610744565b82511561092a5782518084602001fd5b816040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825283818151815260200191508051906020019080838360005b8381101561098e578181015183820152602001610976565b50505050905090810190601f1680156109bb5780820380516001836020036101000a031916815260200191505b509250505060405180910390fdfe4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572526573637561626c653a206e6577207265736375657220697320746865207a65726f2061646472657373416464726573733a20696e73756666696369656e742062616c616e636520666f722063616c6c526573637561626c653a2063616c6c6572206973206e6f742074686520726573637565725361666545524332303a204552433230206f7065726174696f6e20646964206e6f742073756363656564a2646970667358221220e941ed2d04087529217b5000e5a7eea32ea0b22465a1f390fea977c3bb6c7b9d64736f6c63430007060033","runtime-code":"0x608060405234801561001057600080fd5b506004361061007d5760003560e01c80638da5cb5b1161005b5780638da5cb5b146100f0578063b2118a8d146100f8578063e30c39781461013b578063f2fde38b146101435761007d565b80632ab600451461008257806338a63183146100b757806379ba5097146100e8575b600080fd5b6100b56004803603602081101561009857600080fd5b503573ffffffffffffffffffffffffffffffffffffffff16610176565b005b6100bf610259565b6040805173ffffffffffffffffffffffffffffffffffffffff9092168252519081900360200190f35b6100b5610275565b6100bf610318565b6100b56004803603606081101561010e57600080fd5b5073ffffffffffffffffffffffffffffffffffffffff813581169160208101359091169060400135610334565b6100bf6103ca565b6100b56004803603602081101561015957600080fd5b503573ffffffffffffffffffffffffffffffffffffffff166103e6565b61017e6104f3565b73ffffffffffffffffffffffffffffffffffffffff81166101ea576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602a8152602001806109f3602a913960400191505060405180910390fd5b600280547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff83169081179091556040517fe475e580d85111348e40d8ca33cfdd74c30fe1655c2d8537a13abc10065ffa5a90600090a250565b60025473ffffffffffffffffffffffffffffffffffffffff1690565b600061027f61059d565b90508073ffffffffffffffffffffffffffffffffffffffff166102a06103ca565b73ffffffffffffffffffffffffffffffffffffffff161461030c576040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825260298152602001806109ca6029913960400191505060405180910390fd5b610315816105a1565b50565b60005473ffffffffffffffffffffffffffffffffffffffff1690565b60025473ffffffffffffffffffffffffffffffffffffffff1633146103a4576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401808060200182810382526024815260200180610a436024913960400191505060405180910390fd5b6103c573ffffffffffffffffffffffffffffffffffffffff841683836105d2565b505050565b60015473ffffffffffffffffffffffffffffffffffffffff1690565b6103ee6104f3565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001673ffffffffffffffffffffffffffffffffffffffff8316908117909155610439610318565b73ffffffffffffffffffffffffffffffffffffffff167f38d16b8cac22d99fc7c124b9cd0de2d3fa1faef420bfe791d8c362d765e2270060405160405180910390a350565b6000805473ffffffffffffffffffffffffffffffffffffffff8381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b6104fb61059d565b73ffffffffffffffffffffffffffffffffffffffff16610519610318565b73ffffffffffffffffffffffffffffffffffffffff161461059b57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e6572604482015290519081900360640190fd5b565b3390565b600180547fffffffffffffffffffffffff00000000000000000000000000000000000000001690556103158161047e565b6040805173ffffffffffffffffffffffffffffffffffffffff8416602482015260448082018490528251808303909101815260649091019091526020810180517bffffffffffffffffffffffffffffffffffffffffffffffffffffffff167fa9059cbb000000000000000000000000000000000000000000000000000000001790526103c590849060006106bc826040518060400160405280602081526020017f5361666545524332303a206c6f772d6c6576656c2063616c6c206661696c65648152508573ffffffffffffffffffffffffffffffffffffffff166107329092919063ffffffff16565b8051909150156103c5578080602001905160208110156106db57600080fd5b50516103c5576040517f08c379a000000000000000000000000000000000000000000000000000000000815260040180806020018281038252602a815260200180610a67602a913960400191505060405180910390fd5b6060610741848460008561074b565b90505b9392505050565b6060824710156107a6576040517f08c379a0000000000000000000000000000000000000000000000000000000008152600401808060200182810382526026815260200180610a1d6026913960400191505060405180910390fd5b6107af85610905565b61081a57604080517f08c379a000000000000000000000000000000000000000000000000000000000815260206004820152601d60248201527f416464726573733a2063616c6c20746f206e6f6e2d636f6e7472616374000000604482015290519081900360640190fd5b6000808673ffffffffffffffffffffffffffffffffffffffff1685876040518082805190602001908083835b6020831061088357805182527fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09092019160209182019101610846565b6001836020036101000a03801982511681845116808217855250505050505090500191505060006040518083038185875af1925050503d80600081146108e5576040519150601f19603f3d011682016040523d82523d6000602084013e6108ea565b606091505b50915091506108fa82828661090b565b979650505050505050565b3b151590565b6060831561091a575081610744565b82511561092a5782518084602001fd5b816040517f08c379a00000000000000000000000000000000000000000000000000000000081526004018080602001828103825283818151815260200191508051906020019080838360005b8381101561098e578181015183820152602001610976565b50505050905090810190601f1680156109bb5780820380516001836020036101000a031916815260200191505b509250505060405180910390fdfe4f776e61626c6532537465703a2063616c6c6572206973206e6f7420746865206e6577206f776e6572526573637561626c653a206e6577207265736375657220697320746865207a65726f2061646472657373416464726573733a20696e73756666696369656e742062616c616e636520666f722063616c6c526573637561626c653a2063616c6c6572206973206e6f742074686520726573637565725361666545524332303a204552433230206f7065726174696f6e20646964206e6f742073756363656564a2646970667358221220e941ed2d04087529217b5000e5a7eea32ea0b22465a1f390fea977c3bb6c7b9d64736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"76847:1344:0:-:0;;;;;;;;;;;;-1:-1:-1;49481:32:0;49500:12;:10;:12::i;:::-;49481:18;:32::i;:::-;76847:1344;;47973:104;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;-1:-1:-1;;;;;;52564:20:0;;;52594:34;52619:8;52594:24;;;;;;;:34;;:::i;:::-;52482:153;:::o;50569:187::-;50642:16;50661:6;;-1:-1:-1;;;;;50677:17:0;;;-1:-1:-1;;;;;;50677:17:0;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;76847:1344::-;;;;;;;","srcMapRuntime":"76847:1344:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;77925:264;;;;;;;;;;;;;;;;-1:-1:-1;77925:264:0;;;;:::i;:::-;;77095:83;;;:::i;:::-;;;;;;;;;;;;;;;;;;;52715:240;;;:::i;49746:85::-;;;:::i;77620:177::-;;;;;;;;;;;;;;;;-1:-1:-1;77620:177:0;;;;;;;;;;;;;;;;;;:::i;51792:99::-;;;:::i;52084:214::-;;;;;;;;;;;;;;;;-1:-1:-1;52084:214:0;;;;:::i;77925:264::-;49639:13;:11;:13::i;:::-;78018:24:::1;::::0;::::1;77997:113;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;78120:8;:21:::0;;;::::1;;::::0;::::1;::::0;;::::1;::::0;;;78156:26:::1;::::0;::::1;::::0;-1:-1:-1;;78156:26:0::1;77925:264:::0;:::o;77095:83::-;77163:8;;;;77095:83;:::o;52715:240::-;52761:14;52778:12;:10;:12::i;:::-;52761:29;;52839:6;52821:24;;:14;:12;:14::i;:::-;:24;;;52800:112;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;52922:26;52941:6;52922:18;:26::i;:::-;52715:240;:::o;49746:85::-;49792:7;49818:6;;;49746:85;:::o;77620:177::-;77326:8;;;;77312:10;:22;77304:71;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;77752:38:::1;:26;::::0;::::1;77779:2:::0;77783:6;77752:26:::1;:38::i;:::-;77620:177:::0;;;:::o;51792:99::-;51871:13;;;;51792:99;:::o;52084:214::-;49639:13;:11;:13::i;:::-;52209::::1;:24:::0;;;::::1;;::::0;::::1;::::0;;::::1;::::0;;;52273:7:::1;:5;:7::i;:::-;52248:43;;;;;;;;;;;;52084:214:::0;:::o;50569:187::-;50642:16;50661:6;;;50677:17;;;;;;;;;;50709:40;;50661:6;;;;;;;50709:40;;50642:16;50709:40;50569:187;;:::o;49904:130::-;49978:12;:10;:12::i;:::-;49967:23;;:7;:5;:7::i;:::-;:23;;;49959:68;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;49904:130::o;47973:104::-;48060:10;47973:104;:::o;52482:153::-;52571:13;52564:20;;;;;;52594:34;52619:8;52594:24;:34::i;73514:175::-;73623:58;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;73646:23;73623:58;;;73596:86;;73616:5;;76196:23;76222:69;76250:4;76222:69;;;;;;;;;;;;;;;;;76230:5;76222:27;;;;:69;;;;;:::i;:::-;76305:17;;76196:95;;-1:-1:-1;76305:21:0;76301:221;;76445:10;76434:30;;;;;;;;;;;;;;;-1:-1:-1;76434:30:0;76426:85;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;68729:193;68832:12;68863:52;68885:6;68893:4;68899:1;68902:12;68863:21;:52::i;:::-;68856:59;;68729:193;;;;;;:::o;69756:523::-;69883:12;69940:5;69915:21;:30;;69907:81;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;70006:18;70017:6;70006:10;:18::i;:::-;69998:60;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;70129:12;70143:23;70170:6;:11;;70190:5;70198:4;70170:33;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;70128:75;;;;70220:52;70238:7;70247:10;70259:12;70220:17;:52::i;:::-;70213:59;69756:523;-1:-1:-1;;;;;;;69756:523:0:o;65874:413::-;66234:20;66272:8;;;65874:413::o;72239:725::-;72354:12;72382:7;72378:580;;;-1:-1:-1;72412:10:0;72405:17;;72378:580;72523:17;;:21;72519:429;;72781:10;72775:17;72841:15;72828:10;72824:2;72820:19;72813:44;72730:145;72920:12;72913:20;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;","abiDefinition":[{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferStarted","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"previousOwner","type":"address"},{"indexed":true,"internalType":"address","name":"newOwner","type":"address"}],"name":"OwnershipTransferred","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"internalType":"address","name":"newRescuer","type":"address"}],"name":"RescuerChanged","type":"event"},{"inputs":[],"name":"acceptOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"owner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"pendingOwner","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"contract IERC20","name":"tokenContract","type":"address"},{"internalType":"address","name":"to","type":"address"},{"internalType":"uint256","name":"amount","type":"uint256"}],"name":"rescueERC20","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[],"name":"rescuer","outputs":[{"internalType":"address","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[{"internalType":"address","name":"newOwner","type":"address"}],"name":"transferOwnership","outputs":[],"stateMutability":"nonpayable","type":"function"},{"inputs":[{"internalType":"address","name":"newRescuer","type":"address"}],"name":"updateRescuer","outputs":[],"stateMutability":"nonpayable","type":"function"}],"userDoc":{"kind":"user","methods":{"rescueERC20(address,address,uint256)":{"notice":"Rescue ERC20 tokens locked up in this contract."},"rescuer()":{"notice":"Returns current rescuer"},"updateRescuer(address)":{"notice":"Assign the rescuer role to a given address."}},"notice":"Base contract which allows children to rescue ERC20 locked in their contract.","version":1},"developerDoc":{"details":"Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol Modifications: 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)","kind":"dev","methods":{"acceptOwnership()":{"details":"The new owner accepts the ownership transfer."},"owner()":{"details":"Returns the address of the current owner."},"pendingOwner()":{"details":"Returns the address of the pending owner."},"rescueERC20(address,address,uint256)":{"params":{"amount":"Amount to withdraw","to":"Recipient address","tokenContract":"ERC20 token contract address"}},"rescuer()":{"returns":{"_0":"Rescuer's address"}},"transferOwnership(address)":{"details":"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner."},"updateRescuer(address)":{"params":{"newRescuer":"New rescuer's address"}}},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferStarted\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"previousOwner\",\"type\":\"address\"},{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"OwnershipTransferred\",\"type\":\"event\"},{\"anonymous\":false,\"inputs\":[{\"indexed\":true,\"internalType\":\"address\",\"name\":\"newRescuer\",\"type\":\"address\"}],\"name\":\"RescuerChanged\",\"type\":\"event\"},{\"inputs\":[],\"name\":\"acceptOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"owner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"pendingOwner\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"contract IERC20\",\"name\":\"tokenContract\",\"type\":\"address\"},{\"internalType\":\"address\",\"name\":\"to\",\"type\":\"address\"},{\"internalType\":\"uint256\",\"name\":\"amount\",\"type\":\"uint256\"}],\"name\":\"rescueERC20\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[],\"name\":\"rescuer\",\"outputs\":[{\"internalType\":\"address\",\"name\":\"\",\"type\":\"address\"}],\"stateMutability\":\"view\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newOwner\",\"type\":\"address\"}],\"name\":\"transferOwnership\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"},{\"inputs\":[{\"internalType\":\"address\",\"name\":\"newRescuer\",\"type\":\"address\"}],\"name\":\"updateRescuer\",\"outputs\":[],\"stateMutability\":\"nonpayable\",\"type\":\"function\"}],\"devdoc\":{\"details\":\"Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol Modifications: 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\",\"kind\":\"dev\",\"methods\":{\"acceptOwnership()\":{\"details\":\"The new owner accepts the ownership transfer.\"},\"owner()\":{\"details\":\"Returns the address of the current owner.\"},\"pendingOwner()\":{\"details\":\"Returns the address of the pending owner.\"},\"rescueERC20(address,address,uint256)\":{\"params\":{\"amount\":\"Amount to withdraw\",\"to\":\"Recipient address\",\"tokenContract\":\"ERC20 token contract address\"}},\"rescuer()\":{\"returns\":{\"_0\":\"Rescuer's address\"}},\"transferOwnership(address)\":{\"details\":\"Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one. Can only be called by the current owner.\"},\"updateRescuer(address)\":{\"params\":{\"newRescuer\":\"New rescuer's address\"}}},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{\"rescueERC20(address,address,uint256)\":{\"notice\":\"Rescue ERC20 tokens locked up in this contract.\"},\"rescuer()\":{\"notice\":\"Returns current rescuer\"},\"updateRescuer(address)\":{\"notice\":\"Assign the rescuer role to a given address.\"}},\"notice\":\"Base contract which allows children to rescue ERC20 locked in their contract.\",\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"Rescuable\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"acceptOwnership()":"79ba5097","owner()":"8da5cb5b","pendingOwner()":"e30c3978","rescueERC20(address,address,uint256)":"b2118a8d","rescuer()":"38a63183","transferOwnership(address)":"f2fde38b","updateRescuer(address)":"2ab60045"}},"/solidity/MessageTransmitter.sol:SafeERC20":{"code":"0x60566023600b82828239805160001a607314601657fe5b30600052607381538281f3fe73000000000000000000000000000000000000000030146080604052600080fdfea264697066735822122049d650fa5b28cfa0c973a0a960917819b7d0e4fa81f4a4ec4cde43af45791f1d64736f6c63430007060033","runtime-code":"0x73000000000000000000000000000000000000000030146080604052600080fdfea264697066735822122049d650fa5b28cfa0c973a0a960917819b7d0e4fa81f4a4ec4cde43af45791f1d64736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"73426:3104:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"73426:3104:0:-:0;;;;;;;;","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Wrappers around ERC20 operations that throw on failure (when the token contract returns false). Tokens that return no value (and instead revert or throw on failure) are also supported, non-reverting calls are assumed to be successful. To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, which allows you to call the safe operations as `token.safeTransfer(...)`, etc.","kind":"dev","methods":{},"title":"SafeERC20","version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"details\":\"Wrappers around ERC20 operations that throw on failure (when the token contract returns false). Tokens that return no value (and instead revert or throw on failure) are also supported, non-reverting calls are assumed to be successful. To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract, which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\",\"kind\":\"dev\",\"methods\":{},\"title\":\"SafeERC20\",\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"SafeERC20\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:SafeMath":{"code":"0x60566023600b82828239805160001a607314601657fe5b30600052607381538281f3fe73000000000000000000000000000000000000000030146080604052600080fdfea2646970667358221220af9492fa74450900982792140a6f65f4b785f62d74325ae05a4f942a997ef82064736f6c63430007060033","runtime-code":"0x73000000000000000000000000000000000000000030146080604052600080fdfea2646970667358221220af9492fa74450900982792140a6f65f4b785f62d74325ae05a4f942a997ef82064736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"58618:6594:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"58618:6594:0:-:0;;;;;;;;","abiDefinition":[],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"details":"Wrappers over Solidity's arithmetic operations with added overflow checks. Arithmetic operations in Solidity wrap on overflow. This can easily result in bugs, because programmers usually assume that an overflow raises an error, which is the standard behavior in high level programming languages. `SafeMath` restores this intuition by reverting the transaction when an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so it's recommended to use it always.","kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[],\"devdoc\":{\"details\":\"Wrappers over Solidity's arithmetic operations with added overflow checks. Arithmetic operations in Solidity wrap on overflow. This can easily result in bugs, because programmers usually assume that an overflow raises an error, which is the standard behavior in high level programming languages. `SafeMath` restores this intuition by reverting the transaction when an operation overflows. Using this library instead of the unchecked operations eliminates an entire class of bugs, so it's recommended to use it always.\",\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"SafeMath\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{}},"/solidity/MessageTransmitter.sol:TypedMemView":{"code":"0x60cd610025600b82828239805160001a60731461001857fe5b30600052607381538281f3fe730000000000000000000000000000000000000000301460806040526004361060335760003560e01c8063f26be3fc146038575b600080fd5b603e6073565b604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000009092168252519081900360200190f35b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000008156fea264697066735822122078d7da5a74bf463c97c4a8e3f4a12c2bd32aaf813b57e7960ca2f727f847ab5f64736f6c63430007060033","runtime-code":"0x730000000000000000000000000000000000000000301460806040526004361060335760003560e01c8063f26be3fc146038575b600080fd5b603e6073565b604080517fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000009092168252519081900360200190f35b7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000008156fea264697066735822122078d7da5a74bf463c97c4a8e3f4a12c2bd32aaf813b57e7960ca2f727f847ab5f64736f6c63430007060033","info":{"source":"/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npragma solidity 0.7.6;\n\n/*\nThe MIT License (MIT)\n\nCopyright (c) 2016 Smart Contract Solutions, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS\nOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY\nCLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE\nSOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n*/\n\nlibrary TypedMemView {\n using SafeMath for uint256;\n\n // Why does this exist?\n // the solidity `bytes memory` type has a few weaknesses.\n // 1. You can't index ranges effectively\n // 2. You can't slice without copying\n // 3. The underlying data may represent any type\n // 4. Solidity never deallocates memory, and memory costs grow\n // superlinearly\n\n // By using a memory view instead of a `bytes memory` we get the following\n // advantages:\n // 1. Slices are done on the stack, by manipulating the pointer\n // 2. We can index arbitrary ranges and quickly convert them to stack types\n // 3. We can insert type info into the pointer, and typecheck at runtime\n\n // This makes `TypedMemView` a useful tool for efficient zero-copy\n // algorithms.\n\n // Why bytes29?\n // We want to avoid confusion between views, digests, and other common\n // types so we chose a large and uncommonly used odd number of bytes\n //\n // Note that while bytes are left-aligned in a word, integers and addresses\n // are right-aligned. This means when working in assembly we have to\n // account for the 3 unused bytes on the righthand side\n //\n // First 5 bytes are a type flag.\n // - ff_ffff_fffe is reserved for unknown type.\n // - ff_ffff_ffff is reserved for invalid types/errors.\n // next 12 are memory address\n // next 12 are len\n // bottom 3 bytes are empty\n\n // Assumptions:\n // - non-modification of memory.\n // - No Solidity updates\n // - - wrt free mem point\n // - - wrt bytes representation in memory\n // - - wrt memory addressing in general\n\n // Usage:\n // - create type constants\n // - use `assertType` for runtime type assertions\n // - - unfortunately we can't do this at compile time yet :(\n // - recommended: implement modifiers that perform type checking\n // - - e.g.\n // - - `uint40 constant MY_TYPE = 3;`\n // - - ` modifer onlyMyType(bytes29 myView) { myView.assertType(MY_TYPE); }`\n // - instantiate a typed view from a bytearray using `ref`\n // - use `index` to inspect the contents of the view\n // - use `slice` to create smaller views into the same memory\n // - - `slice` can increase the offset\n // - - `slice can decrease the length`\n // - - must specify the output type of `slice`\n // - - `slice` will return a null view if you try to overrun\n // - - make sure to explicitly check for this with `notNull` or `assertType`\n // - use `equal` for typed comparisons.\n\n // The null view\n bytes29 public constant NULL = hex\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\";\n uint256 constant LOW_12_MASK = 0xffffffffffffffffffffffff;\n uint8 constant TWELVE_BYTES = 96;\n\n /**\n * @notice Returns the encoded hex character that represents the lower 4 bits of the argument.\n * @param _b The byte\n * @return char - The encoded hex character\n */\n function nibbleHex(uint8 _b) internal pure returns (uint8 char) {\n // This can probably be done more efficiently, but it's only in error\n // paths, so we don't really care :)\n uint8 _nibble = _b | 0xf0; // set top 4, keep bottom 4\n if (_nibble == 0xf0) {return 0x30;} // 0\n if (_nibble == 0xf1) {return 0x31;} // 1\n if (_nibble == 0xf2) {return 0x32;} // 2\n if (_nibble == 0xf3) {return 0x33;} // 3\n if (_nibble == 0xf4) {return 0x34;} // 4\n if (_nibble == 0xf5) {return 0x35;} // 5\n if (_nibble == 0xf6) {return 0x36;} // 6\n if (_nibble == 0xf7) {return 0x37;} // 7\n if (_nibble == 0xf8) {return 0x38;} // 8\n if (_nibble == 0xf9) {return 0x39;} // 9\n if (_nibble == 0xfa) {return 0x61;} // a\n if (_nibble == 0xfb) {return 0x62;} // b\n if (_nibble == 0xfc) {return 0x63;} // c\n if (_nibble == 0xfd) {return 0x64;} // d\n if (_nibble == 0xfe) {return 0x65;} // e\n if (_nibble == 0xff) {return 0x66;} // f\n }\n\n /**\n * @notice Returns a uint16 containing the hex-encoded byte.\n * @param _b The byte\n * @return encoded - The hex-encoded byte\n */\n function byteHex(uint8 _b) internal pure returns (uint16 encoded) {\n encoded |= nibbleHex(_b \u003e\u003e 4); // top 4 bits\n encoded \u003c\u003c= 8;\n encoded |= nibbleHex(_b); // lower 4 bits\n }\n\n /**\n * @notice Encodes the uint256 to hex. `first` contains the encoded top 16 bytes.\n * `second` contains the encoded lower 16 bytes.\n *\n * @param _b The 32 bytes as uint256\n * @return first - The top 16 bytes\n * @return second - The bottom 16 bytes\n */\n function encodeHex(uint256 _b) internal pure returns (uint256 first, uint256 second) {\n for (uint8 i = 31; i \u003e 15; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n first |= byteHex(_byte);\n if (i != 16) {\n first \u003c\u003c= 16;\n }\n }\n\n // abusing underflow here =_=\n for (uint8 i = 15; i \u003c 255 ; i -= 1) {\n uint8 _byte = uint8(_b \u003e\u003e (i * 8));\n second |= byteHex(_byte);\n if (i != 0) {\n second \u003c\u003c= 16;\n }\n }\n }\n\n /**\n * @notice Changes the endianness of a uint256.\n * @dev https://graphics.stanford.edu/~seander/bithacks.html#ReverseParallel\n * @param _b The unsigned integer to reverse\n * @return v - The reversed value\n */\n function reverseUint256(uint256 _b) internal pure returns (uint256 v) {\n v = _b;\n\n // swap bytes\n v = ((v \u003e\u003e 8) \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) |\n ((v \u0026 0x00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF00FF) \u003c\u003c 8);\n // swap 2-byte long pairs\n v = ((v \u003e\u003e 16) \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) |\n ((v \u0026 0x0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF0000FFFF) \u003c\u003c 16);\n // swap 4-byte long pairs\n v = ((v \u003e\u003e 32) \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) |\n ((v \u0026 0x00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF00000000FFFFFFFF) \u003c\u003c 32);\n // swap 8-byte long pairs\n v = ((v \u003e\u003e 64) \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) |\n ((v \u0026 0x0000000000000000FFFFFFFFFFFFFFFF0000000000000000FFFFFFFFFFFFFFFF) \u003c\u003c 64);\n // swap 16-byte long pairs\n v = (v \u003e\u003e 128) | (v \u003c\u003c 128);\n }\n\n /**\n * @notice Create a mask with the highest `_len` bits set.\n * @param _len The length\n * @return mask - The mask\n */\n function leftMask(uint8 _len) private pure returns (uint256 mask) {\n // ugly. redo without assembly?\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mask := sar(\n sub(_len, 1),\n 0x8000000000000000000000000000000000000000000000000000000000000000\n )\n }\n }\n\n /**\n * @notice Return the null view.\n * @return bytes29 - The null view\n */\n function nullView() internal pure returns (bytes29) {\n return NULL;\n }\n\n /**\n * @notice Check if the view is null.\n * @return bool - True if the view is null\n */\n function isNull(bytes29 memView) internal pure returns (bool) {\n return memView == NULL;\n }\n\n /**\n * @notice Check if the view is not null.\n * @return bool - True if the view is not null\n */\n function notNull(bytes29 memView) internal pure returns (bool) {\n return !isNull(memView);\n }\n\n /**\n * @notice Check if the view is of a valid type and points to a valid location\n * in memory.\n * @dev We perform this check by examining solidity's unallocated memory\n * pointer and ensuring that the view's upper bound is less than that.\n * @param memView The view\n * @return ret - True if the view is valid\n */\n function isValid(bytes29 memView) internal pure returns (bool ret) {\n if (typeOf(memView) == 0xffffffffff) {return false;}\n uint256 _end = end(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ret := not(gt(_end, mload(0x40)))\n }\n }\n\n /**\n * @notice Require that a typed memory view be valid.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @return bytes29 - The validated view\n */\n function assertValid(bytes29 memView) internal pure returns (bytes29) {\n require(isValid(memView), \"Validity assertion failed\");\n return memView;\n }\n\n /**\n * @notice Return true if the memview is of the expected type. Otherwise false.\n * @param memView The view\n * @param _expected The expected type\n * @return bool - True if the memview is of the expected type\n */\n function isType(bytes29 memView, uint40 _expected) internal pure returns (bool) {\n return typeOf(memView) == _expected;\n }\n\n /**\n * @notice Require that a typed memory view has a specific type.\n * @dev Returns the view for easy chaining.\n * @param memView The view\n * @param _expected The expected type\n * @return bytes29 - The view with validated type\n */\n function assertType(bytes29 memView, uint40 _expected) internal pure returns (bytes29) {\n if (!isType(memView, _expected)) {\n (, uint256 g) = encodeHex(uint256(typeOf(memView)));\n (, uint256 e) = encodeHex(uint256(_expected));\n string memory err = string(\n abi.encodePacked(\n \"Type assertion failed. Got 0x\",\n uint80(g),\n \". Expected 0x\",\n uint80(e)\n )\n );\n revert(err);\n }\n return memView;\n }\n\n /**\n * @notice Return an identical view with a different type.\n * @param memView The view\n * @param _newType The new type\n * @return newView - The new view with the specified type\n */\n function castTo(bytes29 memView, uint40 _newType) internal pure returns (bytes29 newView) {\n // then | in the new type\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // shift off the top 5 bytes\n newView := or(newView, shr(40, shl(40, memView)))\n newView := or(newView, shl(216, _newType))\n }\n }\n\n /**\n * @notice Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Unsafe raw pointer construction. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function unsafeBuildUnchecked(uint256 _type, uint256 _loc, uint256 _len) private pure returns (bytes29 newView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n newView := shl(96, or(newView, _type)) // insert type\n newView := shl(96, or(newView, _loc)) // insert loc\n newView := shl(24, or(newView, _len)) // empty bottom 3 bytes\n }\n }\n\n /**\n * @notice Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @dev Instantiate a new memory view. This should generally not be called\n * directly. Prefer `ref` wherever possible.\n * @param _type The type\n * @param _loc The memory address\n * @param _len The length\n * @return newView - The new view with the specified type, location and length\n */\n function build(uint256 _type, uint256 _loc, uint256 _len) internal pure returns (bytes29 newView) {\n uint256 _end = _loc.add(_len);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n if gt(_end, mload(0x40)) {\n _end := 0\n }\n }\n if (_end == 0) {\n return NULL;\n }\n newView = unsafeBuildUnchecked(_type, _loc, _len);\n }\n\n /**\n * @notice Instantiate a memory view from a byte array.\n * @dev Note that due to Solidity memory representation, it is not possible to\n * implement a deref, as the `bytes` type stores its len in memory.\n * @param arr The byte array\n * @param newType The type\n * @return bytes29 - The memory view\n */\n function ref(bytes memory arr, uint40 newType) internal pure returns (bytes29) {\n uint256 _len = arr.length;\n\n uint256 _loc;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _loc := add(arr, 0x20) // our view is of the data, not the struct\n }\n\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Return the associated type information.\n * @param memView The memory view\n * @return _type - The type associated with the view\n */\n function typeOf(bytes29 memView) internal pure returns (uint40 _type) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 216 == 256 - 40\n _type := shr(216, memView) // shift out lower 24 bytes\n }\n }\n\n /**\n * @notice Optimized type comparison. Checks that the 5-byte type flag is equal.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the 5-byte type flag is equal\n */\n function sameType(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (left ^ right) \u003e\u003e (2 * TWELVE_BYTES) == 0;\n }\n\n /**\n * @notice Return the memory address of the underlying bytes.\n * @param memView The view\n * @return _loc - The memory address\n */\n function loc(bytes29 memView) internal pure returns (uint96 _loc) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // 120 bits = 12 bytes (the encoded loc) + 3 bytes (empty low space)\n _loc := and(shr(120, memView), _mask)\n }\n }\n\n /**\n * @notice The number of memory words this memory view occupies, rounded up.\n * @param memView The view\n * @return uint256 - The number of memory words\n */\n function words(bytes29 memView) internal pure returns (uint256) {\n return uint256(len(memView)).add(32) / 32;\n }\n\n /**\n * @notice The in-memory footprint of a fresh copy of the view.\n * @param memView The view\n * @return uint256 - The in-memory footprint of a fresh copy of the view.\n */\n function footprint(bytes29 memView) internal pure returns (uint256) {\n return words(memView) * 32;\n }\n\n /**\n * @notice The number of bytes of the view.\n * @param memView The view\n * @return _len - The length of the view\n */\n function len(bytes29 memView) internal pure returns (uint96 _len) {\n uint256 _mask = LOW_12_MASK; // assembly can't use globals\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n _len := and(shr(24, memView), _mask)\n }\n }\n\n /**\n * @notice Returns the endpoint of `memView`.\n * @param memView The view\n * @return uint256 - The endpoint of `memView`\n */\n function end(bytes29 memView) internal pure returns (uint256) {\n return loc(memView) + len(memView);\n }\n\n /**\n * @notice Safe slicing without memory modification.\n * @param memView The view\n * @param _index The start index\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function slice(bytes29 memView, uint256 _index, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n uint256 _loc = loc(memView);\n\n // Ensure it doesn't overrun the view\n if (_loc.add(_index).add(_len) \u003e end(memView)) {\n return NULL;\n }\n\n _loc = _loc.add(_index);\n return build(newType, _loc, _len);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the first `_len` bytes.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function prefix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, 0, _len, newType);\n }\n\n /**\n * @notice Shortcut to `slice`. Gets a view representing the last `_len` byte.\n * @param memView The view\n * @param _len The length\n * @param newType The new type\n * @return bytes29 - The new view\n */\n function postfix(bytes29 memView, uint256 _len, uint40 newType) internal pure returns (bytes29) {\n return slice(memView, uint256(len(memView)).sub(_len), _len, newType);\n }\n\n /**\n * @notice Construct an error message for an indexing overrun.\n * @param _loc The memory address\n * @param _len The length\n * @param _index The index\n * @param _slice The slice where the overrun occurred\n * @return err - The err\n */\n function indexErrOverrun(\n uint256 _loc,\n uint256 _len,\n uint256 _index,\n uint256 _slice\n ) internal pure returns (string memory err) {\n (, uint256 a) = encodeHex(_loc);\n (, uint256 b) = encodeHex(_len);\n (, uint256 c) = encodeHex(_index);\n (, uint256 d) = encodeHex(_slice);\n err = string(\n abi.encodePacked(\n \"TypedMemView/index - Overran the view. Slice is at 0x\",\n uint48(a),\n \" with length 0x\",\n uint48(b),\n \". Attempted to index at offset 0x\",\n uint48(c),\n \" with length 0x\",\n uint48(d),\n \".\"\n )\n );\n }\n\n /**\n * @notice Load up to 32 bytes from the view onto the stack.\n * @dev Returns a bytes32 with only the `_bytes` highest bytes set.\n * This can be immediately cast to a smaller fixed-length byte array.\n * To automatically cast to an integer, use `indexUint`.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The 32 byte result\n */\n function index(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (bytes32 result) {\n if (_bytes == 0) {return bytes32(0);}\n if (_index.add(_bytes) \u003e len(memView)) {\n revert(indexErrOverrun(loc(memView), len(memView), _index, uint256(_bytes)));\n }\n require(_bytes \u003c= 32, \"TypedMemView/index - Attempted to index more than 32 bytes\");\n\n uint8 bitLength = _bytes * 8;\n uint256 _loc = loc(memView);\n uint256 _mask = leftMask(bitLength);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n result := and(mload(add(_loc, _index)), _mask)\n }\n }\n\n /**\n * @notice Parse an unsigned integer from the view at `_index`.\n * @dev Requires that the view have \u003e= `_bytes` bytes following that index.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return uint256(index(memView, _index, _bytes)) \u003e\u003e ((32 - _bytes) * 8);\n }\n\n /**\n * @notice Parse an unsigned integer from LE bytes.\n * @param memView The view\n * @param _index The index\n * @param _bytes The bytes\n * @return result - The unsigned integer\n */\n function indexLEUint(bytes29 memView, uint256 _index, uint8 _bytes) internal pure returns (uint256 result) {\n return reverseUint256(uint256(index(memView, _index, _bytes)));\n }\n\n /**\n * @notice Parse an address from the view at `_index`. Requires that the view have \u003e= 20 bytes\n * following that index.\n * @param memView The view\n * @param _index The index\n * @return address - The address\n */\n function indexAddress(bytes29 memView, uint256 _index) internal pure returns (address) {\n return address(uint160(indexUint(memView, _index, 20)));\n }\n\n /**\n * @notice Return the keccak256 hash of the underlying memory\n * @param memView The view\n * @return digest - The keccak256 hash of the underlying memory\n */\n function keccak(bytes29 memView) internal pure returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n digest := keccak256(_loc, _len)\n }\n }\n\n /**\n * @notice Return the sha2 digest of the underlying memory.\n * @dev We explicitly deallocate memory afterwards.\n * @param memView The view\n * @return digest - The sha2 hash of the underlying memory\n */\n function sha2(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Implements bitcoin's hash160 (rmd160(sha2()))\n * @param memView The pre-image\n * @return digest - the Digest\n */\n function hash160(bytes29 memView) internal view returns (bytes20 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2\n pop(staticcall(gas(), 3, ptr, 0x20, ptr, 0x20)) // rmd160\n digest := mload(add(ptr, 0xc)) // return value is 0-prefixed.\n }\n }\n\n /**\n * @notice Implements bitcoin's hash256 (double sha2)\n * @param memView A view of the preimage\n * @return digest - the Digest\n */\n function hash256(bytes29 memView) internal view returns (bytes32 digest) {\n uint256 _loc = loc(memView);\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n pop(staticcall(gas(), 2, _loc, _len, ptr, 0x20)) // sha2 #1\n pop(staticcall(gas(), 2, ptr, 0x20, ptr, 0x20)) // sha2 #2\n digest := mload(ptr)\n }\n }\n\n /**\n * @notice Return true if the underlying memory is equal. Else false.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the underlying memory is equal\n */\n function untypedEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return (loc(left) == loc(right) \u0026\u0026 len(left) == len(right)) || keccak(left) == keccak(right);\n }\n\n /**\n * @notice Return false if the underlying memory is equal. Else true.\n * @param left The first view\n * @param right The second view\n * @return bool - False if the underlying memory is equal\n */\n function untypedNotEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !untypedEqual(left, right);\n }\n\n /**\n * @notice Compares type equality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are the same\n */\n function equal(bytes29 left, bytes29 right) internal pure returns (bool) {\n return left == right || (typeOf(left) == typeOf(right) \u0026\u0026 keccak(left) == keccak(right));\n }\n\n /**\n * @notice Compares type inequality.\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param left The first view\n * @param right The second view\n * @return bool - True if the types are not the same\n */\n function notEqual(bytes29 left, bytes29 right) internal pure returns (bool) {\n return !equal(left, right);\n }\n\n /**\n * @notice Copy the view to a location, return an unsafe memory reference\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memView The view\n * @param _newLoc The new location\n * @return written - the unsafe memory reference\n */\n function unsafeCopyTo(bytes29 memView, uint256 _newLoc) private view returns (bytes29 written) {\n require(notNull(memView), \"TypedMemView/copyTo - Null pointer deref\");\n require(isValid(memView), \"TypedMemView/copyTo - Invalid pointer deref\");\n uint256 _len = len(memView);\n uint256 _oldLoc = loc(memView);\n\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _newLoc) {\n revert(0x60, 0x20) // empty revert message\n }\n\n // use the identity precompile to copy\n // guaranteed not to fail, so pop the success\n pop(staticcall(gas(), 4, _oldLoc, _len, _newLoc, _len))\n }\n\n written = unsafeBuildUnchecked(typeOf(memView), _newLoc, _len);\n }\n\n /**\n * @notice Copies the referenced memory to a new loc in memory, returning a `bytes` pointing to\n * the new memory\n * @dev Shortcuts if the pointers are identical, otherwise compares type and digest.\n * @param memView The view\n * @return ret - The view pointing to the new memory\n */\n function clone(bytes29 memView) internal view returns (bytes memory ret) {\n uint256 ptr;\n uint256 _len = len(memView);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n ret := ptr\n }\n unsafeCopyTo(memView, ptr + 0x20);\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n mstore(0x40, add(add(ptr, _len), 0x20)) // write new unused pointer\n mstore(ptr, _len) // write len of new array (in bytes)\n }\n }\n\n /**\n * @notice Join the views in memory, return an unsafe reference to the memory.\n * @dev Super Dangerous direct memory access.\n *\n * This reference can be overwritten if anything else modifies memory (!!!).\n * As such it MUST be consumed IMMEDIATELY.\n * This function is private to prevent unsafe usage by callers.\n * @param memViews The views\n * @return unsafeView - The conjoined view pointing to the new memory\n */\n function unsafeJoin(bytes29[] memory memViews, uint256 _location) private view returns (bytes29 unsafeView) {\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n let ptr := mload(0x40)\n // revert if we're writing in occupied memory\n if gt(ptr, _location) {\n revert(0x60, 0x20) // empty revert message\n }\n }\n\n uint256 _offset = 0;\n for (uint256 i = 0; i \u003c memViews.length; i ++) {\n bytes29 memView = memViews[i];\n unsafeCopyTo(memView, _location + _offset);\n _offset += len(memView);\n }\n unsafeView = unsafeBuildUnchecked(0, _location, _offset);\n }\n\n /**\n * @notice Produce the keccak256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The keccak256 digest\n */\n function joinKeccak(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return keccak(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice Produce the sha256 digest of the concatenated contents of multiple views.\n * @param memViews The views\n * @return bytes32 - The sha256 digest\n */\n function joinSha2(bytes29[] memory memViews) internal view returns (bytes32) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n return sha2(unsafeJoin(memViews, ptr));\n }\n\n /**\n * @notice copies all views, joins them into a new bytearray.\n * @param memViews The views\n * @return ret - The new byte array\n */\n function join(bytes29[] memory memViews) internal view returns (bytes memory ret) {\n uint256 ptr;\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n ptr := mload(0x40) // load unused memory pointer\n }\n\n bytes29 _newView = unsafeJoin(memViews, ptr + 0x20);\n uint256 _written = len(_newView);\n uint256 _footprint = footprint(_newView);\n\n assembly {\n // solium-disable-previous-line security/no-inline-assembly\n // store the legnth\n mstore(ptr, _written)\n // new pointer is old + 0x20 + the footprint of the body\n mstore(0x40, add(add(ptr, _footprint), 0x20))\n ret := ptr\n }\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IRelayer\n * @notice Sends messages from source domain to destination domain\n */\ninterface IRelayer {\n /**\n * @notice Sends an outgoing message from the source domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Sends an outgoing message from the source domain, with a specified caller on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address as bytes32, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external returns (uint64);\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external;\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IReceiver\n * @notice Receives messages on destination chain and forwards them to IMessageDestinationHandler\n */\ninterface IReceiver {\n /**\n * @notice Receives an incoming message, validating the header and passing\n * the body to application-specific handler.\n * @param message The message raw bytes\n * @param signature The message signature\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata signature)\n external\n returns (bool success);\n}\n\n/**\n * @title IMessageTransmitter\n * @notice Interface for message transmitters, which both relay and receive messages.\n */\ninterface IMessageTransmitter is IRelayer, IReceiver {\n\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title IMessageHandler\n * @notice Handles messages on destination domain forwarded from\n * an IReceiver\n */\ninterface IMessageHandler {\n /**\n * @notice handles an incoming message from a Receiver\n * @param sourceDomain the source domain of the message\n * @param sender the sender of the message\n * @param messageBody The message raw bytes\n * @return success bool, true if successful\n */\n function handleReceiveMessage(\n uint32 sourceDomain,\n bytes32 sender,\n bytes calldata messageBody\n ) external returns (bool);\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @title Message Library\n * @notice Library for formatted messages used by Relayer and Receiver.\n *\n * @dev The message body is dynamically-sized to support custom message body\n * formats. Other fields must be fixed-size to avoid hash collisions.\n * Each other input value has an explicit type to guarantee fixed-size.\n * Padding: uintNN fields are left-padded, and bytesNN fields are right-padded.\n *\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * destinationCaller 32 bytes32 84\n * messageBody dynamic bytes 116\n *\n **/\nlibrary Message {\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n\n // Indices of each field in message\n uint8 private constant VERSION_INDEX = 0;\n uint8 private constant SOURCE_DOMAIN_INDEX = 4;\n uint8 private constant DESTINATION_DOMAIN_INDEX = 8;\n uint8 private constant NONCE_INDEX = 12;\n uint8 private constant SENDER_INDEX = 20;\n uint8 private constant RECIPIENT_INDEX = 52;\n uint8 private constant DESTINATION_CALLER_INDEX = 84;\n uint8 private constant MESSAGE_BODY_INDEX = 116;\n\n /**\n * @notice Returns formatted (packed) message with provided fields\n * @param _msgVersion the version of the message format\n * @param _msgSourceDomain Domain of home chain\n * @param _msgDestinationDomain Domain of destination chain\n * @param _msgNonce Destination-specific nonce\n * @param _msgSender Address of sender on source chain as bytes32\n * @param _msgRecipient Address of recipient on destination chain as bytes32\n * @param _msgDestinationCaller Address of caller on destination chain as bytes32\n * @param _msgRawBody Raw bytes of message body\n * @return Formatted message\n **/\n function _formatMessage(\n uint32 _msgVersion,\n uint32 _msgSourceDomain,\n uint32 _msgDestinationDomain,\n uint64 _msgNonce,\n bytes32 _msgSender,\n bytes32 _msgRecipient,\n bytes32 _msgDestinationCaller,\n bytes memory _msgRawBody\n ) internal pure returns (bytes memory) {\n return\n abi.encodePacked(\n _msgVersion,\n _msgSourceDomain,\n _msgDestinationDomain,\n _msgNonce,\n _msgSender,\n _msgRecipient,\n _msgDestinationCaller,\n _msgRawBody\n );\n }\n\n // @notice Returns _message's version field\n function _version(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(VERSION_INDEX, 4));\n }\n\n // @notice Returns _message's sourceDomain field\n function _sourceDomain(bytes29 _message) internal pure returns (uint32) {\n return uint32(_message.indexUint(SOURCE_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's destinationDomain field\n function _destinationDomain(bytes29 _message)\n internal\n pure\n returns (uint32)\n {\n return uint32(_message.indexUint(DESTINATION_DOMAIN_INDEX, 4));\n }\n\n // @notice Returns _message's nonce field\n function _nonce(bytes29 _message) internal pure returns (uint64) {\n return uint64(_message.indexUint(NONCE_INDEX, 8));\n }\n\n // @notice Returns _message's sender field\n function _sender(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(SENDER_INDEX, 32);\n }\n\n // @notice Returns _message's recipient field\n function _recipient(bytes29 _message) internal pure returns (bytes32) {\n return _message.index(RECIPIENT_INDEX, 32);\n }\n\n // @notice Returns _message's destinationCaller field\n function _destinationCaller(bytes29 _message)\n internal\n pure\n returns (bytes32)\n {\n return _message.index(DESTINATION_CALLER_INDEX, 32);\n }\n\n // @notice Returns _message's messageBody field\n function _messageBody(bytes29 _message) internal pure returns (bytes29) {\n return\n _message.slice(\n MESSAGE_BODY_INDEX,\n _message.len() - MESSAGE_BODY_INDEX,\n 0\n );\n }\n\n /**\n * @notice converts address to bytes32 (alignment preserving cast.)\n * @param addr the address to convert to bytes32\n */\n function addressToBytes32(address addr) external pure returns (bytes32) {\n return bytes32(uint256(uint160(addr)));\n }\n\n /**\n * @notice converts bytes32 to address (alignment preserving cast.)\n * @dev Warning: it is possible to have different input values _buf map to the same address.\n * For use cases where this is not acceptable, validate that the first 12 bytes of _buf are zero-padding.\n * @param _buf the bytes32 to convert to address\n */\n function bytes32ToAddress(bytes32 _buf) public pure returns (address) {\n return address(uint160(uint256(_buf)));\n }\n\n /**\n * @notice Reverts if message is malformed or incorrect length\n * @param _message The message as bytes29\n */\n function _validateMessageFormat(bytes29 _message) internal pure {\n require(_message.isValid(), \"Malformed message\");\n require(\n _message.len() \u003e= MESSAGE_BODY_INDEX,\n \"Invalid message: too short\"\n );\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/*\n * @dev Provides information about the current execution context, including the\n * sender of the transaction and its data. While these are generally available\n * via msg.sender and msg.data, they should not be accessed in such a direct\n * manner, since when dealing with GSN meta-transactions the account sending and\n * paying for execution may not be the actual sender (as far as an application\n * is concerned).\n *\n * This contract is only required for intermediate, library-like contracts.\n */\nabstract contract Context {\n function _msgSender() internal view virtual returns (address payable) {\n return msg.sender;\n }\n\n function _msgData() internal view virtual returns (bytes memory) {\n this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691\n return msg.data;\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6 (11/9/2022). (v8 was used\n * as base because it includes internal _transferOwnership method.)\n * 2. Remove renounceOwnership function\n *\n * Description\n * Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership}.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be applied to your functions to restrict their use to\n * the owner.\n */\nabstract contract Ownable is Context {\n address private _owner;\n\n event OwnershipTransferred(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor() {\n _transferOwnership(_msgSender());\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n _checkOwner();\n _;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view virtual returns (address) {\n return _owner;\n }\n\n /**\n * @dev Throws if the sender is not the owner.\n */\n function _checkOwner() internal view virtual {\n require(owner() == _msgSender(), \"Ownable: caller is not the owner\");\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public virtual onlyOwner {\n require(\n newOwner != address(0),\n \"Ownable: new owner is the zero address\"\n );\n _transferOwnership(newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual {\n address oldOwner = _owner;\n _owner = newOwner;\n emit OwnershipTransferred(oldOwner, newOwner);\n }\n}\n\n/**\n * @dev forked from https://github.com/OpenZeppelin/openzeppelin-contracts/blob/7c5f6bc2c8743d83443fa46395d75f2f3f99054a/contracts/access/Ownable2Step.sol\n * Modifications:\n * 1. Update Solidity version from 0.8.0 to 0.7.6. Version 0.8.0 was used\n * as base because this contract was added to OZ repo after version 0.8.0.\n *\n * Contract module which provides access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * By default, the owner account will be the one that deploys the contract. This\n * can later be changed with {transferOwnership} and {acceptOwnership}.\n *\n * This module is used through inheritance. It will make available all functions\n * from parent (Ownable).\n */\nabstract contract Ownable2Step is Ownable {\n address private _pendingOwner;\n\n event OwnershipTransferStarted(\n address indexed previousOwner,\n address indexed newOwner\n );\n\n /**\n * @dev Returns the address of the pending owner.\n */\n function pendingOwner() public view virtual returns (address) {\n return _pendingOwner;\n }\n\n /**\n * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner)\n public\n virtual\n override\n onlyOwner\n {\n _pendingOwner = newOwner;\n emit OwnershipTransferStarted(owner(), newOwner);\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.\n * Internal function without access restriction.\n */\n function _transferOwnership(address newOwner) internal virtual override {\n delete _pendingOwner;\n super._transferOwnership(newOwner);\n }\n\n /**\n * @dev The new owner accepts the ownership transfer.\n */\n function acceptOwnership() external {\n address sender = _msgSender();\n require(\n pendingOwner() == sender,\n \"Ownable2Step: caller is not the new owner\"\n );\n _transferOwnership(sender);\n }\n}\n\n/**\n * @notice Base contract which allows children to implement an emergency stop\n * mechanism\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1/Pausable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n * 2. Change pauser visibility to private, declare external getter (11/19/22)\n */\ncontract Pausable is Ownable2Step {\n event Pause();\n event Unpause();\n event PauserChanged(address indexed newAddress);\n\n address private _pauser;\n bool public paused = false;\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused, \"Pausable: paused\");\n _;\n }\n\n /**\n * @dev throws if called by any account other than the pauser\n */\n modifier onlyPauser() {\n require(msg.sender == _pauser, \"Pausable: caller is not the pauser\");\n _;\n }\n\n /**\n * @notice Returns current pauser\n * @return Pauser's address\n */\n function pauser() external view returns (address) {\n return _pauser;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() external onlyPauser {\n paused = true;\n emit Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() external onlyPauser {\n paused = false;\n emit Unpause();\n }\n\n /**\n * @dev update the pauser role\n */\n function updatePauser(address _newPauser) external onlyOwner {\n require(\n _newPauser != address(0),\n \"Pausable: new pauser is the zero address\"\n );\n _pauser = _newPauser;\n emit PauserChanged(_pauser);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through {transferFrom}. This is\n * zero by default.\n *\n * This value changes when {approve} or {transferFrom} are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * IMPORTANT: Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an {Approval} event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. `amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a {Transfer} event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to {approve}. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n uint256 c = a + b;\n if (c \u003c a) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the substraction of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b \u003e a) return (false, 0);\n return (true, a - b);\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, with an overflow flag.\n *\n * _Available since v3.4._\n */\n function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) return (true, 0);\n uint256 c = a * b;\n if (c / a != b) return (false, 0);\n return (true, c);\n }\n\n /**\n * @dev Returns the division of two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a / b);\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.\n *\n * _Available since v3.4._\n */\n function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {\n if (b == 0) return (false, 0);\n return (true, a % b);\n }\n\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n *\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c \u003e= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003c= a, \"SafeMath: subtraction overflow\");\n return a - b;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n *\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) return 0;\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: division by zero\");\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b \u003e 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {trySub}.\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n *\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003c= a, errorMessage);\n return a - b;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers, reverting with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryDiv}.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a / b;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * reverting with custom message when dividing by zero.\n *\n * CAUTION: This function is deprecated because it requires allocating memory for the error\n * message unnecessarily. For custom revert reasons use {tryMod}.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n *\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b \u003e 0, errorMessage);\n return a % b;\n }\n}\n\n/**\n * @dev Collection of functions related to the address type\n */\nlibrary Address {\n /**\n * @dev Returns true if `account` is a contract.\n *\n * [IMPORTANT]\n * ====\n * It is unsafe to assume that an address for which this function returns\n * false is an externally-owned account (EOA) and not a contract.\n *\n * Among others, `isContract` will return false for the following\n * types of addresses:\n *\n * - an externally-owned account\n * - a contract in construction\n * - an address where a contract will be created\n * - an address where a contract lived, but was destroyed\n * ====\n */\n function isContract(address account) internal view returns (bool) {\n // This method relies on extcodesize, which returns 0 for contracts in\n // construction, since the code is only stored at the end of the\n // constructor execution.\n\n uint256 size;\n // solhint-disable-next-line no-inline-assembly\n assembly { size := extcodesize(account) }\n return size \u003e 0;\n }\n\n /**\n * @dev Replacement for Solidity's `transfer`: sends `amount` wei to\n * `recipient`, forwarding all available gas and reverting on errors.\n *\n * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost\n * of certain opcodes, possibly making contracts go over the 2300 gas limit\n * imposed by `transfer`, making them unable to receive funds via\n * `transfer`. {sendValue} removes this limitation.\n *\n * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].\n *\n * IMPORTANT: because control is transferred to `recipient`, care must be\n * taken to not create reentrancy vulnerabilities. Consider using\n * {ReentrancyGuard} or the\n * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].\n */\n function sendValue(address payable recipient, uint256 amount) internal {\n require(address(this).balance \u003e= amount, \"Address: insufficient balance\");\n\n // solhint-disable-next-line avoid-low-level-calls, avoid-call-value\n (bool success, ) = recipient.call{ value: amount }(\"\");\n require(success, \"Address: unable to send value, recipient may have reverted\");\n }\n\n /**\n * @dev Performs a Solidity function call using a low level `call`. A\n * plain`call` is an unsafe replacement for a function call: use this\n * function instead.\n *\n * If `target` reverts with a revert reason, it is bubbled up by this\n * function (like regular Solidity function calls).\n *\n * Returns the raw returned data. To convert to the expected return value,\n * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].\n *\n * Requirements:\n *\n * - `target` must be a contract.\n * - calling `target` with `data` must not revert.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionCall(target, data, \"Address: low-level call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with\n * `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n return functionCallWithValue(target, data, 0, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but also transferring `value` wei to `target`.\n *\n * Requirements:\n *\n * - the calling contract must have an ETH balance of at least `value`.\n * - the called Solidity function must be `payable`.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {\n return functionCallWithValue(target, data, value, \"Address: low-level call with value failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but\n * with `errorMessage` as a fallback revert reason when `target` reverts.\n *\n * _Available since v3.1._\n */\n function functionCallWithValue(address target, bytes memory data, uint256 value, string memory errorMessage) internal returns (bytes memory) {\n require(address(this).balance \u003e= value, \"Address: insufficient balance for call\");\n require(isContract(target), \"Address: call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.call{ value: value }(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {\n return functionStaticCall(target, data, \"Address: low-level static call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a static call.\n *\n * _Available since v3.3._\n */\n function functionStaticCall(address target, bytes memory data, string memory errorMessage) internal view returns (bytes memory) {\n require(isContract(target), \"Address: static call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.staticcall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {\n return functionDelegateCall(target, data, \"Address: low-level delegate call failed\");\n }\n\n /**\n * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],\n * but performing a delegate call.\n *\n * _Available since v3.4._\n */\n function functionDelegateCall(address target, bytes memory data, string memory errorMessage) internal returns (bytes memory) {\n require(isContract(target), \"Address: delegate call to non-contract\");\n\n // solhint-disable-next-line avoid-low-level-calls\n (bool success, bytes memory returndata) = target.delegatecall(data);\n return _verifyCallResult(success, returndata, errorMessage);\n }\n\n function _verifyCallResult(bool success, bytes memory returndata, string memory errorMessage) private pure returns(bytes memory) {\n if (success) {\n return returndata;\n } else {\n // Look for revert reason and bubble it up if present\n if (returndata.length \u003e 0) {\n // The easiest way to bubble the revert reason is using memory via assembly\n\n // solhint-disable-next-line no-inline-assembly\n assembly {\n let returndata_size := mload(returndata)\n revert(add(32, returndata), returndata_size)\n }\n } else {\n revert(errorMessage);\n }\n }\n }\n}\n\n/**\n * @title SafeERC20\n * @dev Wrappers around ERC20 operations that throw on failure (when the token\n * contract returns false). Tokens that return no value (and instead revert or\n * throw on failure) are also supported, non-reverting calls are assumed to be\n * successful.\n * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,\n * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.\n */\nlibrary SafeERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n function safeTransfer(IERC20 token, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));\n }\n\n function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {\n _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));\n }\n\n /**\n * @dev Deprecated. This function has issues similar to the ones found in\n * {IERC20-approve}, and its usage is discouraged.\n *\n * Whenever possible, use {safeIncreaseAllowance} and\n * {safeDecreaseAllowance} instead.\n */\n function safeApprove(IERC20 token, address spender, uint256 value) internal {\n // safeApprove should only be called when setting an initial allowance,\n // or when resetting it to zero. To increase and decrease it, use\n // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'\n // solhint-disable-next-line max-line-length\n require((value == 0) || (token.allowance(address(this), spender) == 0),\n \"SafeERC20: approve from non-zero to non-zero allowance\"\n );\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));\n }\n\n function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).add(value);\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n function safeDecreaseAllowance(IERC20 token, address spender, uint256 value) internal {\n uint256 newAllowance = token.allowance(address(this), spender).sub(value, \"SafeERC20: decreased allowance below zero\");\n _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));\n }\n\n /**\n * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement\n * on the return value: the return value is optional (but if data is returned, it must not be false).\n * @param token The token targeted by the call.\n * @param data The call data (encoded using abi.encode or one of its variants).\n */\n function _callOptionalReturn(IERC20 token, bytes memory data) private {\n // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since\n // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that\n // the target address contains contract code and also asserts for success in the low-level call.\n\n bytes memory returndata = address(token).functionCall(data, \"SafeERC20: low-level call failed\");\n if (returndata.length \u003e 0) { // Return data is optional\n // solhint-disable-next-line max-line-length\n require(abi.decode(returndata, (bool)), \"SafeERC20: ERC20 operation did not succeed\");\n }\n }\n}\n\n/**\n * @notice Base contract which allows children to rescue ERC20 locked in their contract.\n * @dev Forked from https://github.com/centrehq/centre-tokens/blob/0d3cab14ebd133a83fc834dbd48d0468bdf0b391/contracts/v1.1/Rescuable.sol\n * Modifications:\n * 1. Update Solidity version from 0.6.12 to 0.7.6 (8/23/2022)\n */\ncontract Rescuable is Ownable2Step {\n using SafeERC20 for IERC20;\n\n address private _rescuer;\n\n event RescuerChanged(address indexed newRescuer);\n\n /**\n * @notice Returns current rescuer\n * @return Rescuer's address\n */\n function rescuer() external view returns (address) {\n return _rescuer;\n }\n\n /**\n * @notice Revert if called by any account other than the rescuer.\n */\n modifier onlyRescuer() {\n require(msg.sender == _rescuer, \"Rescuable: caller is not the rescuer\");\n _;\n }\n\n /**\n * @notice Rescue ERC20 tokens locked up in this contract.\n * @param tokenContract ERC20 token contract address\n * @param to Recipient address\n * @param amount Amount to withdraw\n */\n function rescueERC20(\n IERC20 tokenContract,\n address to,\n uint256 amount\n ) external onlyRescuer {\n tokenContract.safeTransfer(to, amount);\n }\n\n /**\n * @notice Assign the rescuer role to a given address.\n * @param newRescuer New rescuer's address\n */\n function updateRescuer(address newRescuer) external onlyOwner {\n require(\n newRescuer != address(0),\n \"Rescuable: new rescuer is the zero address\"\n );\n _rescuer = newRescuer;\n emit RescuerChanged(newRescuer);\n }\n}\n\n/*\n * Copyright (c) 2022, Circle Internet Financial Limited.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n/**\n * @dev Library for managing\n * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive\n * types.\n *\n * Sets have the following properties:\n *\n * - Elements are added, removed, and checked for existence in constant time\n * (O(1)).\n * - Elements are enumerated in O(n). No guarantees are made on the ordering.\n *\n * ```\n * contract Example {\n * // Add the library methods\n * using EnumerableSet for EnumerableSet.AddressSet;\n *\n * // Declare a set state variable\n * EnumerableSet.AddressSet private mySet;\n * }\n * ```\n *\n * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)\n * and `uint256` (`UintSet`) are supported.\n */\nlibrary EnumerableSet {\n // To implement this library for multiple types with as little code\n // repetition as possible, we write it in terms of a generic Set type with\n // bytes32 values.\n // The Set implementation uses private functions, and user-facing\n // implementations (such as AddressSet) are just wrappers around the\n // underlying Set.\n // This means that we can only create new EnumerableSets for types that fit\n // in bytes32.\n\n struct Set {\n // Storage of set values\n bytes32[] _values;\n\n // Position of the value in the `values` array, plus 1 because index 0\n // means a value is not in the set.\n mapping (bytes32 =\u003e uint256) _indexes;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function _add(Set storage set, bytes32 value) private returns (bool) {\n if (!_contains(set, value)) {\n set._values.push(value);\n // The value is stored at length-1, but we add 1 to all indexes\n // and use 0 as a sentinel value\n set._indexes[value] = set._values.length;\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function _remove(Set storage set, bytes32 value) private returns (bool) {\n // We read and store the value's index to prevent multiple reads from the same storage slot\n uint256 valueIndex = set._indexes[value];\n\n if (valueIndex != 0) { // Equivalent to contains(set, value)\n // To delete an element from the _values array in O(1), we swap the element to delete with the last one in\n // the array, and then remove the last element (sometimes called as 'swap and pop').\n // This modifies the order of the array, as noted in {at}.\n\n uint256 toDeleteIndex = valueIndex - 1;\n uint256 lastIndex = set._values.length - 1;\n\n // When the value to delete is the last one, the swap operation is unnecessary. However, since this occurs\n // so rarely, we still do the swap anyway to avoid the gas cost of adding an 'if' statement.\n\n bytes32 lastvalue = set._values[lastIndex];\n\n // Move the last value to the index where the value to delete is\n set._values[toDeleteIndex] = lastvalue;\n // Update the index for the moved value\n set._indexes[lastvalue] = toDeleteIndex + 1; // All indexes are 1-based\n\n // Delete the slot where the moved value was stored\n set._values.pop();\n\n // Delete the index for the deleted slot\n delete set._indexes[value];\n\n return true;\n } else {\n return false;\n }\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function _contains(Set storage set, bytes32 value) private view returns (bool) {\n return set._indexes[value] != 0;\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function _length(Set storage set) private view returns (uint256) {\n return set._values.length;\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function _at(Set storage set, uint256 index) private view returns (bytes32) {\n require(set._values.length \u003e index, \"EnumerableSet: index out of bounds\");\n return set._values[index];\n }\n\n // Bytes32Set\n\n struct Bytes32Set {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _add(set._inner, value);\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {\n return _remove(set._inner, value);\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {\n return _contains(set._inner, value);\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(Bytes32Set storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {\n return _at(set._inner, index);\n }\n\n // AddressSet\n\n struct AddressSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(AddressSet storage set, address value) internal returns (bool) {\n return _add(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(AddressSet storage set, address value) internal returns (bool) {\n return _remove(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(AddressSet storage set, address value) internal view returns (bool) {\n return _contains(set._inner, bytes32(uint256(uint160(value))));\n }\n\n /**\n * @dev Returns the number of values in the set. O(1).\n */\n function length(AddressSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(AddressSet storage set, uint256 index) internal view returns (address) {\n return address(uint160(uint256(_at(set._inner, index))));\n }\n\n // UintSet\n\n struct UintSet {\n Set _inner;\n }\n\n /**\n * @dev Add a value to a set. O(1).\n *\n * Returns true if the value was added to the set, that is if it was not\n * already present.\n */\n function add(UintSet storage set, uint256 value) internal returns (bool) {\n return _add(set._inner, bytes32(value));\n }\n\n /**\n * @dev Removes a value from a set. O(1).\n *\n * Returns true if the value was removed from the set, that is if it was\n * present.\n */\n function remove(UintSet storage set, uint256 value) internal returns (bool) {\n return _remove(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns true if the value is in the set. O(1).\n */\n function contains(UintSet storage set, uint256 value) internal view returns (bool) {\n return _contains(set._inner, bytes32(value));\n }\n\n /**\n * @dev Returns the number of values on the set. O(1).\n */\n function length(UintSet storage set) internal view returns (uint256) {\n return _length(set._inner);\n }\n\n /**\n * @dev Returns the value stored at position `index` in the set. O(1).\n *\n * Note that there are no guarantees on the ordering of values inside the\n * array, and it may change when more values are added or removed.\n *\n * Requirements:\n *\n * - `index` must be strictly less than {length}.\n */\n function at(UintSet storage set, uint256 index) internal view returns (uint256) {\n return uint256(_at(set._inner, index));\n }\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n revert(\"ECDSA: invalid signature length\");\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n return recover(hash, v, r, s);\n }\n\n /**\n * @dev Overload of {ECDSA-recover-bytes32-bytes-} that receives the `v`,\n * `r` and `s` signature fields separately.\n */\n function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 \u003c s \u003c secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n require(uint256(s) \u003c= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, \"ECDSA: invalid signature 's' value\");\n require(v == 27 || v == 28, \"ECDSA: invalid signature 'v' value\");\n\n // If the signature is valid (and not malleable), return the signer address\n address signer = ecrecover(hash, v, r, s);\n require(signer != address(0), \"ECDSA: invalid signature\");\n\n return signer;\n }\n\n /**\n * @dev Returns an Ethereum Signed Message, created from a `hash`. This\n * replicates the behavior of the\n * https://github.com/ethereum/wiki/wiki/JSON-RPC#eth_sign[`eth_sign`]\n * JSON-RPC method.\n *\n * See {recover}.\n */\n function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32) {\n // 32 is the length in bytes of hash,\n // enforced by the type signature above\n return keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash));\n }\n}\n\ncontract Attestable is Ownable2Step {\n // ============ Events ============\n /**\n * @notice Emitted when an attester is enabled\n * @param attester newly enabled attester\n */\n event AttesterEnabled(address indexed attester);\n\n /**\n * @notice Emitted when an attester is disabled\n * @param attester newly disabled attester\n */\n event AttesterDisabled(address indexed attester);\n\n /**\n * @notice Emitted when threshold number of attestations (m in m/n multisig) is updated\n * @param oldSignatureThreshold old signature threshold\n * @param newSignatureThreshold new signature threshold\n */\n event SignatureThresholdUpdated(\n uint256 oldSignatureThreshold,\n uint256 newSignatureThreshold\n );\n\n /**\n * @dev Emitted when attester manager address is updated\n * @param previousAttesterManager representing the address of the previous attester manager\n * @param newAttesterManager representing the address of the new attester manager\n */\n event AttesterManagerUpdated(\n address indexed previousAttesterManager,\n address indexed newAttesterManager\n );\n\n // ============ Libraries ============\n using EnumerableSet for EnumerableSet.AddressSet;\n\n // ============ State Variables ============\n // number of signatures from distinct attesters required for a message to be received (m in m/n multisig)\n uint256 public signatureThreshold;\n\n // 65-byte ECDSA signature: v (32) + r (32) + s (1)\n uint256 internal constant signatureLength = 65;\n\n // enabled attesters (message signers)\n // (length of enabledAttesters is n in m/n multisig of message signers)\n EnumerableSet.AddressSet private enabledAttesters;\n\n // Attester Manager of the contract\n address private _attesterManager;\n\n // ============ Modifiers ============\n /**\n * @dev Throws if called by any account other than the attester manager.\n */\n modifier onlyAttesterManager() {\n require(msg.sender == _attesterManager, \"Caller not attester manager\");\n _;\n }\n\n // ============ Constructor ============\n /**\n * @dev The constructor sets the original attester manager of the contract to the sender account.\n * @param attester attester to initialize\n */\n constructor(address attester) {\n _setAttesterManager(msg.sender);\n // Initially 1 signature is required. Threshold can be increased by attesterManager.\n signatureThreshold = 1;\n enableAttester(attester);\n }\n\n // ============ Public/External Functions ============\n /**\n * @notice Enables an attester\n * @dev Only callable by attesterManager. New attester must be nonzero, and currently disabled.\n * @param newAttester attester to enable\n */\n function enableAttester(address newAttester) public onlyAttesterManager {\n require(newAttester != address(0), \"New attester must be nonzero\");\n require(enabledAttesters.add(newAttester), \"Attester already enabled\");\n emit AttesterEnabled(newAttester);\n }\n\n /**\n * @notice returns true if given `attester` is enabled, else false\n * @param attester attester to check enabled status of\n * @return true if given `attester` is enabled, else false\n */\n function isEnabledAttester(address attester) public view returns (bool) {\n return enabledAttesters.contains(attester);\n }\n\n /**\n * @notice returns the number of enabled attesters\n * @return number of enabled attesters\n */\n function getNumEnabledAttesters() public view returns (uint256) {\n return enabledAttesters.length();\n }\n\n /**\n * @dev Allows the current attester manager to transfer control of the contract to a newAttesterManager.\n * @param newAttesterManager The address to update attester manager to.\n */\n function updateAttesterManager(address newAttesterManager)\n external\n onlyOwner\n {\n require(\n newAttesterManager != address(0),\n \"Invalid attester manager address\"\n );\n address _oldAttesterManager = _attesterManager;\n _setAttesterManager(newAttesterManager);\n emit AttesterManagerUpdated(_oldAttesterManager, newAttesterManager);\n }\n\n /**\n * @notice Disables an attester\n * @dev Only callable by attesterManager. Disabling the attester is not allowed if there is only one attester\n * enabled, or if it would cause the number of enabled attesters to become less than signatureThreshold.\n * (Attester must be currently enabled.)\n * @param attester attester to disable\n */\n function disableAttester(address attester) external onlyAttesterManager {\n // Disallow disabling attester if there is only 1 active attester\n uint256 _numEnabledAttesters = getNumEnabledAttesters();\n\n require(_numEnabledAttesters \u003e 1, \"Too few enabled attesters\");\n\n // Disallow disabling an attester if it would cause the n in m/n multisig to fall below m (threshold # of signers).\n require(\n _numEnabledAttesters \u003e signatureThreshold,\n \"Signature threshold is too low\"\n );\n\n require(enabledAttesters.remove(attester), \"Attester already disabled\");\n emit AttesterDisabled(attester);\n }\n\n /**\n * @notice Sets the threshold of signatures required to attest to a message.\n * (This is the m in m/n multisig.)\n * @dev new signature threshold must be nonzero, and must not exceed number\n * of enabled attesters.\n * @param newSignatureThreshold new signature threshold\n */\n function setSignatureThreshold(uint256 newSignatureThreshold)\n external\n onlyAttesterManager\n {\n require(newSignatureThreshold != 0, \"Invalid signature threshold\");\n\n // New signature threshold cannot exceed the number of enabled attesters\n require(\n newSignatureThreshold \u003c= enabledAttesters.length(),\n \"New signature threshold too high\"\n );\n\n require(\n newSignatureThreshold != signatureThreshold,\n \"Signature threshold already set\"\n );\n\n uint256 _oldSignatureThreshold = signatureThreshold;\n signatureThreshold = newSignatureThreshold;\n emit SignatureThresholdUpdated(\n _oldSignatureThreshold,\n signatureThreshold\n );\n }\n\n /**\n * @dev Returns the address of the attester manager\n * @return address of the attester manager\n */\n function attesterManager() external view returns (address) {\n return _attesterManager;\n }\n\n /**\n * @notice gets enabled attester at given `index`\n * @param index index of attester to check\n * @return enabled attester at given `index`\n */\n function getEnabledAttester(uint256 index) external view returns (address) {\n return enabledAttesters.at(index);\n }\n\n // ============ Internal Utils ============\n /**\n * @dev Sets a new attester manager address\n * @param _newAttesterManager attester manager address to set\n */\n function _setAttesterManager(address _newAttesterManager) internal {\n _attesterManager = _newAttesterManager;\n }\n\n /**\n * @notice reverts if the attestation, which is comprised of one or more concatenated 65-byte signatures, is invalid.\n * @dev Rules for valid attestation:\n * 1. length of `_attestation` == 65 (signature length) * signatureThreshold\n * 2. addresses recovered from attestation must be in increasing order.\n * For example, if signature A is signed by address 0x1..., and signature B\n * is signed by address 0x2..., attestation must be passed as AB.\n * 3. no duplicate signers\n * 4. all signers must be enabled attesters\n *\n * Based on Christian Lundkvist's Simple Multisig\n * (https://github.com/christianlundkvist/simple-multisig/tree/560c463c8651e0a4da331bd8f245ccd2a48ab63d)\n * @param _message message to verify attestation of\n * @param _attestation attestation of `_message`\n */\n function _verifyAttestationSignatures(\n bytes calldata _message,\n bytes calldata _attestation\n ) internal view {\n require(\n _attestation.length == signatureLength * signatureThreshold,\n \"Invalid attestation length\"\n );\n\n // (Attesters cannot be address(0))\n address _latestAttesterAddress = address(0);\n // Address recovered from signatures must be in increasing order, to prevent duplicates\n\n bytes32 _digest = keccak256(_message);\n\n for (uint256 i; i \u003c signatureThreshold; ++i) {\n bytes memory _signature = _attestation[i * signatureLength:i *\n signatureLength +\n signatureLength];\n\n address _recoveredAttester = _recoverAttesterSignature(\n _digest,\n _signature\n );\n\n // Signatures must be in increasing order of address, and may not duplicate signatures from same address\n require(\n _recoveredAttester \u003e _latestAttesterAddress,\n \"Invalid signature order or dupe\"\n );\n require(\n isEnabledAttester(_recoveredAttester),\n \"Invalid signature: not attester\"\n );\n _latestAttesterAddress = _recoveredAttester;\n }\n }\n\n /**\n * @notice Checks that signature was signed by attester\n * @param _digest message hash\n * @param _signature message signature\n * @return address of recovered signer\n **/\n function _recoverAttesterSignature(bytes32 _digest, bytes memory _signature)\n internal\n pure\n returns (address)\n {\n return (ECDSA.recover(_digest, _signature));\n }\n}\n\n/**\n * @title MessageTransmitter\n * @notice Contract responsible for sending and receiving messages across chains.\n */\ncontract MessageTransmitter is\n IMessageTransmitter,\n Pausable,\n Rescuable,\n Attestable\n{\n // ============ Events ============\n /**\n * @notice Emitted when a new message is dispatched\n * @param message Raw bytes of message\n */\n event MessageSent(bytes message);\n\n /**\n * @notice Emitted when a new message is received\n * @param caller Caller (msg.sender) on destination domain\n * @param sourceDomain The source domain this message originated from\n * @param nonce The nonce unique to this message\n * @param sender The sender of this message\n * @param messageBody message body bytes\n */\n event MessageReceived(\n address indexed caller,\n uint32 sourceDomain,\n uint64 indexed nonce,\n bytes32 sender,\n bytes messageBody\n );\n\n /**\n * @notice Emitted when max message body size is updated\n * @param newMaxMessageBodySize new maximum message body size, in bytes\n */\n event MaxMessageBodySizeUpdated(uint256 newMaxMessageBodySize);\n\n // ============ Libraries ============\n using TypedMemView for bytes;\n using TypedMemView for bytes29;\n using Message for bytes29;\n\n // ============ State Variables ============\n // Domain of chain on which the contract is deployed\n uint32 public immutable localDomain;\n\n // Message Format version\n uint32 public immutable version;\n\n // Maximum size of message body, in bytes.\n // This value is set by owner.\n uint256 public maxMessageBodySize;\n\n // Next available nonce from this source domain\n uint64 public nextAvailableNonce;\n\n // Maps a bytes32 hash of (sourceDomain, nonce) -\u003e uint256 (0 if unused, 1 if used)\n mapping(bytes32 =\u003e uint256) public usedNonces;\n\n // ============ Constructor ============\n constructor(\n uint32 _localDomain,\n address _attester,\n uint32 _maxMessageBodySize,\n uint32 _version\n ) Attestable(_attester) {\n localDomain = _localDomain;\n maxMessageBodySize = _maxMessageBodySize;\n version = _version;\n }\n\n // ============ External Functions ============\n /**\n * @notice Send the message to the destination domain and recipient\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination chain as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessage(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n bytes32 _emptyDestinationCaller = bytes32(0);\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n _emptyDestinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Replace a message with a new message body and/or destination caller.\n * @dev The `originalAttestation` must be a valid attestation of `originalMessage`.\n * Reverts if msg.sender does not match sender of original message, or if the source domain of the original message\n * does not match this MessageTransmitter's local domain.\n * @param originalMessage original message to replace\n * @param originalAttestation attestation of `originalMessage`\n * @param newMessageBody new message body of replaced message\n * @param newDestinationCaller the new destination caller, which may be the\n * same as the original destination caller, a new destination caller, or an empty\n * destination caller (bytes32(0), indicating that any destination caller is valid.)\n */\n function replaceMessage(\n bytes calldata originalMessage,\n bytes calldata originalAttestation,\n bytes calldata newMessageBody,\n bytes32 newDestinationCaller\n ) external override whenNotPaused {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(originalMessage, originalAttestation);\n\n bytes29 _originalMsg = originalMessage.ref(0);\n\n // Validate message format\n _originalMsg._validateMessageFormat();\n\n // Validate message sender\n bytes32 _sender = _originalMsg._sender();\n require(\n msg.sender == Message.bytes32ToAddress(_sender),\n \"Sender not permitted to use nonce\"\n );\n\n // Validate source domain\n uint32 _sourceDomain = _originalMsg._sourceDomain();\n require(\n _sourceDomain == localDomain,\n \"Message not originally sent from this domain\"\n );\n\n uint32 _destinationDomain = _originalMsg._destinationDomain();\n bytes32 _recipient = _originalMsg._recipient();\n uint64 _nonce = _originalMsg._nonce();\n\n _sendMessage(\n _destinationDomain,\n _recipient,\n newDestinationCaller,\n _sender,\n _nonce,\n newMessageBody\n );\n }\n\n /**\n * @notice Send the message to the destination domain and recipient, for a specified `destinationCaller` on the\n * destination domain.\n * @dev Increment nonce, format the message, and emit `MessageSent` event with message information.\n * WARNING: if the `destinationCaller` does not represent a valid address, then it will not be possible\n * to broadcast the message on the destination domain. This is an advanced feature, and the standard\n * sendMessage() should be preferred for use cases where a specific destination caller is not required.\n * @param destinationDomain Domain of destination chain\n * @param recipient Address of message recipient on destination domain as bytes32\n * @param destinationCaller caller on the destination domain, as bytes32\n * @param messageBody Raw bytes content of message\n * @return nonce reserved by message\n */\n function sendMessageWithCaller(\n uint32 destinationDomain,\n bytes32 recipient,\n bytes32 destinationCaller,\n bytes calldata messageBody\n ) external override whenNotPaused returns (uint64) {\n require(\n destinationCaller != bytes32(0),\n \"Destination caller must be nonzero\"\n );\n\n uint64 _nonce = _reserveAndIncrementNonce();\n bytes32 _messageSender = Message.addressToBytes32(msg.sender);\n\n _sendMessage(\n destinationDomain,\n recipient,\n destinationCaller,\n _messageSender,\n _nonce,\n messageBody\n );\n\n return _nonce;\n }\n\n /**\n * @notice Receive a message. Messages with a given nonce\n * can only be broadcast once for a (sourceDomain, destinationDomain)\n * pair. The message body of a valid message is passed to the\n * specified recipient for further processing.\n *\n * @dev Attestation format:\n * A valid attestation is the concatenated 65-byte signature(s) of exactly\n * `thresholdSignature` signatures, in increasing order of attester address.\n * ***If the attester addresses recovered from signatures are not in\n * increasing order, signature verification will fail.***\n * If incorrect number of signatures or duplicate signatures are supplied,\n * signature verification will fail.\n *\n * Message format:\n * Field Bytes Type Index\n * version 4 uint32 0\n * sourceDomain 4 uint32 4\n * destinationDomain 4 uint32 8\n * nonce 8 uint64 12\n * sender 32 bytes32 20\n * recipient 32 bytes32 52\n * messageBody dynamic bytes 84\n * @param message Message bytes\n * @param attestation Concatenated 65-byte signature(s) of `message`, in increasing order\n * of the attester address recovered from signatures.\n * @return success bool, true if successful\n */\n function receiveMessage(bytes calldata message, bytes calldata attestation)\n external\n override\n whenNotPaused\n returns (bool success)\n {\n // Validate each signature in the attestation\n _verifyAttestationSignatures(message, attestation);\n\n bytes29 _msg = message.ref(0);\n\n // Validate message format\n _msg._validateMessageFormat();\n\n // Validate domain\n require(\n _msg._destinationDomain() == localDomain,\n \"Invalid destination domain\"\n );\n\n // Validate destination caller\n if (_msg._destinationCaller() != bytes32(0)) {\n require(\n _msg._destinationCaller() ==\n Message.addressToBytes32(msg.sender),\n \"Invalid caller for message\"\n );\n }\n\n // Validate version\n require(_msg._version() == version, \"Invalid message version\");\n\n // Validate nonce is available\n uint32 _sourceDomain = _msg._sourceDomain();\n uint64 _nonce = _msg._nonce();\n bytes32 _sourceAndNonce = _hashSourceAndNonce(_sourceDomain, _nonce);\n require(usedNonces[_sourceAndNonce] == 0, \"Nonce already used\");\n // Mark nonce used\n usedNonces[_sourceAndNonce] = 1;\n\n // Handle receive message\n bytes32 _sender = _msg._sender();\n bytes memory _messageBody = _msg._messageBody().clone();\n require(\n IMessageHandler(Message.bytes32ToAddress(_msg._recipient()))\n .handleReceiveMessage(_sourceDomain, _sender, _messageBody),\n \"handleReceiveMessage() failed\"\n );\n\n // Emit MessageReceived event\n emit MessageReceived(\n msg.sender,\n _sourceDomain,\n _nonce,\n _sender,\n _messageBody\n );\n return true;\n }\n\n /**\n * @notice Sets the max message body size\n * @dev This value should not be reduced without good reason,\n * to avoid impacting users who rely on large messages.\n * @param newMaxMessageBodySize new max message body size, in bytes\n */\n function setMaxMessageBodySize(uint256 newMaxMessageBodySize)\n external\n onlyOwner\n {\n maxMessageBodySize = newMaxMessageBodySize;\n emit MaxMessageBodySizeUpdated(maxMessageBodySize);\n }\n\n // ============ Internal Utils ============\n /**\n * @notice Send the message to the destination domain and recipient. If `_destinationCaller` is not equal to bytes32(0),\n * the message can only be received on the destination chain when called by `_destinationCaller`.\n * @dev Format the message and emit `MessageSent` event with message information.\n * @param _destinationDomain Domain of destination chain\n * @param _recipient Address of message recipient on destination domain as bytes32\n * @param _destinationCaller caller on the destination domain, as bytes32\n * @param _sender message sender, as bytes32\n * @param _nonce nonce reserved for message\n * @param _messageBody Raw bytes content of message\n */\n function _sendMessage(\n uint32 _destinationDomain,\n bytes32 _recipient,\n bytes32 _destinationCaller,\n bytes32 _sender,\n uint64 _nonce,\n bytes calldata _messageBody\n ) internal {\n // Validate message body length\n require(\n _messageBody.length \u003c= maxMessageBodySize,\n \"Message body exceeds max size\"\n );\n\n require(_recipient != bytes32(0), \"Recipient must be nonzero\");\n\n // serialize message\n bytes memory _message = Message._formatMessage(\n version,\n localDomain,\n _destinationDomain,\n _nonce,\n _sender,\n _recipient,\n _destinationCaller,\n _messageBody\n );\n\n // Emit MessageSent event\n emit MessageSent(_message);\n }\n\n /**\n * @notice hashes `_source` and `_nonce`.\n * @param _source Domain of chain where the transfer originated\n * @param _nonce The unique identifier for the message from source to\n destination\n * @return hash of source and nonce\n */\n function _hashSourceAndNonce(uint32 _source, uint64 _nonce)\n internal\n pure\n returns (bytes32)\n {\n return keccak256(abi.encodePacked(_source, _nonce));\n }\n\n /**\n * Reserve and increment next available nonce\n * @return nonce reserved\n */\n function _reserveAndIncrementNonce() internal returns (uint64) {\n uint64 _nonceReserved = nextAvailableNonce;\n nextAvailableNonce = nextAvailableNonce + 1;\n return _nonceReserved;\n }\n}\n","language":"Solidity","languageVersion":"0.7.6","compilerVersion":"0.7.6","compilerOptions":"--combined-json bin,bin-runtime,srcmap,srcmap-runtime,abi,userdoc,devdoc,metadata,hashes --optimize --optimize-runs 10000 --allow-paths ., ./, ../","srcMap":"1747:31414:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;;","srcMapRuntime":"1747:31414:0:-:0;;;;;;;;;;;;;;;;;;;;;;;;4293:94;;;:::i;:::-;;;;;;;;;;;;;;;;;;;;;;:::o","abiDefinition":[{"inputs":[],"name":"NULL","outputs":[{"internalType":"bytes29","name":"","type":"bytes29"}],"stateMutability":"view","type":"function"}],"userDoc":{"kind":"user","methods":{},"version":1},"developerDoc":{"kind":"dev","methods":{},"version":1},"metadata":"{\"compiler\":{\"version\":\"0.7.6+commit.7338295f\"},\"language\":\"Solidity\",\"output\":{\"abi\":[{\"inputs\":[],\"name\":\"NULL\",\"outputs\":[{\"internalType\":\"bytes29\",\"name\":\"\",\"type\":\"bytes29\"}],\"stateMutability\":\"view\",\"type\":\"function\"}],\"devdoc\":{\"kind\":\"dev\",\"methods\":{},\"version\":1},\"userdoc\":{\"kind\":\"user\",\"methods\":{},\"version\":1}},\"settings\":{\"compilationTarget\":{\"/solidity/MessageTransmitter.sol\":\"TypedMemView\"},\"evmVersion\":\"istanbul\",\"libraries\":{},\"metadata\":{\"bytecodeHash\":\"ipfs\"},\"optimizer\":{\"enabled\":true,\"runs\":10000},\"remappings\":[]},\"sources\":{\"/solidity/MessageTransmitter.sol\":{\"keccak256\":\"0x66482a7675b7a8f1b856597c0bcce83a042b7f528008def6999bc6ac352490c3\",\"urls\":[\"bzz-raw://1ac50e39d1d55ebb3768c40e3a059e0061a4b3604e6d696b344536449bf54493\",\"dweb:/ipfs/QmVs58APPUCVq74xCsVLCMdfB18yJTqFzgXNL5qEJu7GY6\"]}},\"version\":1}"},"hashes":{"NULL()":"f26be3fc"}}}