ETH Price: $3,534.49 (-3.83%)

Transaction Decoder

Block:
20023614 at Jun-05-2024 05:43:59 AM +UTC
Transaction Fee:
0.000780663249968942 ETH $2.76
Gas Used:
97,637 Gas / 7.995567766 Gwei

Account State Difference:

  Address   Before After State Difference Code
(Titan Builder)
9.371981689711991041 Eth9.371991453411991041 Eth0.0000097637
0x4B9Be004...74867E8B1
0.003653031368591022 Eth
Nonce: 8
0.00287236811862208 Eth
Nonce: 9
0.000780663249968942

Execution Trace

ETH 0.001 L1ChugSplashProxy.e11013dd( )
  • ProxyAdmin.STATICCALL( )
  • ETH 0.001 L1StandardBridge.bridgeETHTo( _to=0x4B9Be004A809dcc29ED76B673124c2774867E8B1, _minGasLimit=200000, _extraData=0x7375706572627269646765 )
    • ETH 0.001 ResolvedDelegateProxy.3dbb202b( )
      • AddressManager.getAddress( _name=OVM_L1CrossDomainMessenger ) => ( 0x958487e21ba9E073836d598E31f749726f23413f )
      • ETH 0.001 L1CrossDomainMessenger.sendMessage( _target=0x4200000000000000000000000000000000000010, _message=0x1635F5FD0000000000000000000000004B9BE004A809DCC29ED76B673124C2774867E8B10000000000000000000000004B9BE004A809DCC29ED76B673124C2774867E8B100000000000000000000000000000000000000000000000000038D7EA4C680000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000B7375706572627269646765000000000000000000000000000000000000000000, _minGasLimit=200000 )
        • ETH 0.001 Proxy.e9e05c42( )
          • ETH 0.001 OptimismPortal.depositTransaction( _to=0x4200000000000000000000000000000000000007, _value=1000000000000000, _gasLimit=491310, _isCreation=False, _data=0xD764AD0B000100000000000000000000000000000000000000000000000000000000273E0000000000000000000000002B3F201543ADF73160BA42E1A5B7750024F30420000000000000000000000000420000000000000000000000000000000000001000000000000000000000000000000000000000000000000000038D7EA4C680000000000000000000000000000000000000000000000000000000000000030D4000000000000000000000000000000000000000000000000000000000000000C000000000000000000000000000000000000000000000000000000000000000C41635F5FD0000000000000000000000004B9BE004A809DCC29ED76B673124C2774867E8B10000000000000000000000004B9BE004A809DCC29ED76B673124C2774867E8B100000000000000000000000000000000000000000000000000038D7EA4C680000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000B737570657262726964676500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 )
            File 1 of 8: L1ChugSplashProxy
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title IL1ChugSplashDeployer
             */
            interface IL1ChugSplashDeployer {
                function isUpgrading() external view returns (bool);
            }
            /**
             * @custom:legacy
             * @title L1ChugSplashProxy
             * @notice Basic ChugSplash proxy contract for L1. Very close to being a normal proxy but has added
             *         functions `setCode` and `setStorage` for changing the code or storage of the contract.
             *
             *         Note for future developers: do NOT make anything in this contract 'public' unless you
             *         know what you're doing. Anything public can potentially have a function signature that
             *         conflicts with a signature attached to the implementation contract. Public functions
             *         SHOULD always have the `proxyCallIfNotOwner` modifier unless there's some *really* good
             *         reason not to have that modifier. And there almost certainly is not a good reason to not
             *         have that modifier. Beware!
             */
            contract L1ChugSplashProxy {
                /**
                 * @notice "Magic" prefix. When prepended to some arbitrary bytecode and used to create a
                 *         contract, the appended bytecode will be deployed as given.
                 */
                bytes13 internal constant DEPLOY_CODE_PREFIX = 0x600D380380600D6000396000f3;
                /**
                 * @notice bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)
                 */
                bytes32 internal constant IMPLEMENTATION_KEY =
                    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
                /**
                 * @notice bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1)
                 */
                bytes32 internal constant OWNER_KEY =
                    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
                /**
                 * @notice Blocks a function from being called when the parent signals that the system should
                 *         be paused via an isUpgrading function.
                 */
                modifier onlyWhenNotPaused() {
                    address owner = _getOwner();
                    // We do a low-level call because there's no guarantee that the owner actually *is* an
                    // L1ChugSplashDeployer contract and Solidity will throw errors if we do a normal call and
                    // it turns out that it isn't the right type of contract.
                    (bool success, bytes memory returndata) = owner.staticcall(
                        abi.encodeWithSelector(IL1ChugSplashDeployer.isUpgrading.selector)
                    );
                    // If the call was unsuccessful then we assume that there's no "isUpgrading" method and we
                    // can just continue as normal. We also expect that the return value is exactly 32 bytes
                    // long. If this isn't the case then we can safely ignore the result.
                    if (success && returndata.length == 32) {
                        // Although the expected value is a *boolean*, it's safer to decode as a uint256 in the
                        // case that the isUpgrading function returned something other than 0 or 1. But we only
                        // really care about the case where this value is 0 (= false).
                        uint256 ret = abi.decode(returndata, (uint256));
                        require(ret == 0, "L1ChugSplashProxy: system is currently being upgraded");
                    }
                    _;
                }
                /**
                 * @notice Makes a proxy call instead of triggering the given function when the caller is
                 *         either the owner or the zero address. Caller can only ever be the zero address if
                 *         this function is being called off-chain via eth_call, which is totally fine and can
                 *         be convenient for client-side tooling. Avoids situations where the proxy and
                 *         implementation share a sighash and the proxy function ends up being called instead
                 *         of the implementation one.
                 *
                 *         Note: msg.sender == address(0) can ONLY be triggered off-chain via eth_call. If
                 *         there's a way for someone to send a transaction with msg.sender == address(0) in any
                 *         real context then we have much bigger problems. Primary reason to include this
                 *         additional allowed sender is because the owner address can be changed dynamically
                 *         and we do not want clients to have to keep track of the current owner in order to
                 *         make an eth_call that doesn't trigger the proxied contract.
                 */
                // slither-disable-next-line incorrect-modifier
                modifier proxyCallIfNotOwner() {
                    if (msg.sender == _getOwner() || msg.sender == address(0)) {
                        _;
                    } else {
                        // This WILL halt the call frame on completion.
                        _doProxyCall();
                    }
                }
                /**
                 * @param _owner Address of the initial contract owner.
                 */
                constructor(address _owner) {
                    _setOwner(_owner);
                }
                // slither-disable-next-line locked-ether
                receive() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                // slither-disable-next-line locked-ether
                fallback() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                /**
                 * @notice Sets the code that should be running behind this proxy.
                 *
                 *         Note: This scheme is a bit different from the standard proxy scheme where one would
                 *         typically deploy the code separately and then set the implementation address. We're
                 *         doing it this way because it gives us a lot more freedom on the client side. Can
                 *         only be triggered by the contract owner.
                 *
                 * @param _code New contract code to run inside this contract.
                 */
                function setCode(bytes memory _code) external proxyCallIfNotOwner {
                    // Get the code hash of the current implementation.
                    address implementation = _getImplementation();
                    // If the code hash matches the new implementation then we return early.
                    if (keccak256(_code) == _getAccountCodeHash(implementation)) {
                        return;
                    }
                    // Create the deploycode by appending the magic prefix.
                    bytes memory deploycode = abi.encodePacked(DEPLOY_CODE_PREFIX, _code);
                    // Deploy the code and set the new implementation address.
                    address newImplementation;
                    assembly {
                        newImplementation := create(0x0, add(deploycode, 0x20), mload(deploycode))
                    }
                    // Check that the code was actually deployed correctly. I'm not sure if you can ever
                    // actually fail this check. Should only happen if the contract creation from above runs
                    // out of gas but this parent execution thread does NOT run out of gas. Seems like we
                    // should be doing this check anyway though.
                    require(
                        _getAccountCodeHash(newImplementation) == keccak256(_code),
                        "L1ChugSplashProxy: code was not correctly deployed"
                    );
                    _setImplementation(newImplementation);
                }
                /**
                 * @notice Modifies some storage slot within the proxy contract. Gives us a lot of power to
                 *         perform upgrades in a more transparent way. Only callable by the owner.
                 *
                 * @param _key   Storage key to modify.
                 * @param _value New value for the storage key.
                 */
                function setStorage(bytes32 _key, bytes32 _value) external proxyCallIfNotOwner {
                    assembly {
                        sstore(_key, _value)
                    }
                }
                /**
                 * @notice Changes the owner of the proxy contract. Only callable by the owner.
                 *
                 * @param _owner New owner of the proxy contract.
                 */
                function setOwner(address _owner) external proxyCallIfNotOwner {
                    _setOwner(_owner);
                }
                /**
                 * @notice Queries the owner of the proxy contract. Can only be called by the owner OR by
                 *         making an eth_call and setting the "from" address to address(0).
                 *
                 * @return Owner address.
                 */
                function getOwner() external proxyCallIfNotOwner returns (address) {
                    return _getOwner();
                }
                /**
                 * @notice Queries the implementation address. Can only be called by the owner OR by making an
                 *         eth_call and setting the "from" address to address(0).
                 *
                 * @return Implementation address.
                 */
                function getImplementation() external proxyCallIfNotOwner returns (address) {
                    return _getImplementation();
                }
                /**
                 * @notice Sets the implementation address.
                 *
                 * @param _implementation New implementation address.
                 */
                function _setImplementation(address _implementation) internal {
                    assembly {
                        sstore(IMPLEMENTATION_KEY, _implementation)
                    }
                }
                /**
                 * @notice Changes the owner of the proxy contract.
                 *
                 * @param _owner New owner of the proxy contract.
                 */
                function _setOwner(address _owner) internal {
                    assembly {
                        sstore(OWNER_KEY, _owner)
                    }
                }
                /**
                 * @notice Performs the proxy call via a delegatecall.
                 */
                function _doProxyCall() internal onlyWhenNotPaused {
                    address implementation = _getImplementation();
                    require(implementation != address(0), "L1ChugSplashProxy: implementation is not set yet");
                    assembly {
                        // Copy calldata into memory at 0x0....calldatasize.
                        calldatacopy(0x0, 0x0, calldatasize())
                        // Perform the delegatecall, make sure to pass all available gas.
                        let success := delegatecall(gas(), implementation, 0x0, calldatasize(), 0x0, 0x0)
                        // Copy returndata into memory at 0x0....returndatasize. Note that this *will*
                        // overwrite the calldata that we just copied into memory but that doesn't really
                        // matter because we'll be returning in a second anyway.
                        returndatacopy(0x0, 0x0, returndatasize())
                        // Success == 0 means a revert. We'll revert too and pass the data up.
                        if iszero(success) {
                            revert(0x0, returndatasize())
                        }
                        // Otherwise we'll just return and pass the data up.
                        return(0x0, returndatasize())
                    }
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function _getImplementation() internal view returns (address) {
                    address implementation;
                    assembly {
                        implementation := sload(IMPLEMENTATION_KEY)
                    }
                    return implementation;
                }
                /**
                 * @notice Queries the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function _getOwner() internal view returns (address) {
                    address owner;
                    assembly {
                        owner := sload(OWNER_KEY)
                    }
                    return owner;
                }
                /**
                 * @notice Gets the code hash for a given account.
                 *
                 * @param _account Address of the account to get a code hash for.
                 *
                 * @return Code hash for the account.
                 */
                function _getAccountCodeHash(address _account) internal view returns (bytes32) {
                    bytes32 codeHash;
                    assembly {
                        codeHash := extcodehash(_account)
                    }
                    return codeHash;
                }
            }
            

            File 2 of 8: ProxyAdmin
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
            /**
             * @custom:legacy
             * @title AddressManager
             * @notice AddressManager is a legacy contract that was used in the old version of the Optimism
             *         system to manage a registry of string names to addresses. We now use a more standard
             *         proxy system instead, but this contract is still necessary for backwards compatibility
             *         with several older contracts.
             */
            contract AddressManager is Ownable {
                /**
                 * @notice Mapping of the hashes of string names to addresses.
                 */
                mapping(bytes32 => address) private addresses;
                /**
                 * @notice Emitted when an address is modified in the registry.
                 *
                 * @param name       String name being set in the registry.
                 * @param newAddress Address set for the given name.
                 * @param oldAddress Address that was previously set for the given name.
                 */
                event AddressSet(string indexed name, address newAddress, address oldAddress);
                /**
                 * @notice Changes the address associated with a particular name.
                 *
                 * @param _name    String name to associate an address with.
                 * @param _address Address to associate with the name.
                 */
                function setAddress(string memory _name, address _address) external onlyOwner {
                    bytes32 nameHash = _getNameHash(_name);
                    address oldAddress = addresses[nameHash];
                    addresses[nameHash] = _address;
                    emit AddressSet(_name, _address, oldAddress);
                }
                /**
                 * @notice Retrieves the address associated with a given name.
                 *
                 * @param _name Name to retrieve an address for.
                 *
                 * @return Address associated with the given name.
                 */
                function getAddress(string memory _name) external view returns (address) {
                    return addresses[_getNameHash(_name)];
                }
                /**
                 * @notice Computes the hash of a name.
                 *
                 * @param _name Name to compute a hash for.
                 *
                 * @return Hash of the given name.
                 */
                function _getNameHash(string memory _name) internal pure returns (bytes32) {
                    return keccak256(abi.encodePacked(_name));
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title IL1ChugSplashDeployer
             */
            interface IL1ChugSplashDeployer {
                function isUpgrading() external view returns (bool);
            }
            /**
             * @custom:legacy
             * @title L1ChugSplashProxy
             * @notice Basic ChugSplash proxy contract for L1. Very close to being a normal proxy but has added
             *         functions `setCode` and `setStorage` for changing the code or storage of the contract.
             *
             *         Note for future developers: do NOT make anything in this contract 'public' unless you
             *         know what you're doing. Anything public can potentially have a function signature that
             *         conflicts with a signature attached to the implementation contract. Public functions
             *         SHOULD always have the `proxyCallIfNotOwner` modifier unless there's some *really* good
             *         reason not to have that modifier. And there almost certainly is not a good reason to not
             *         have that modifier. Beware!
             */
            contract L1ChugSplashProxy {
                /**
                 * @notice "Magic" prefix. When prepended to some arbitrary bytecode and used to create a
                 *         contract, the appended bytecode will be deployed as given.
                 */
                bytes13 internal constant DEPLOY_CODE_PREFIX = 0x600D380380600D6000396000f3;
                /**
                 * @notice bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)
                 */
                bytes32 internal constant IMPLEMENTATION_KEY =
                    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
                /**
                 * @notice bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1)
                 */
                bytes32 internal constant OWNER_KEY =
                    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
                /**
                 * @notice Blocks a function from being called when the parent signals that the system should
                 *         be paused via an isUpgrading function.
                 */
                modifier onlyWhenNotPaused() {
                    address owner = _getOwner();
                    // We do a low-level call because there's no guarantee that the owner actually *is* an
                    // L1ChugSplashDeployer contract and Solidity will throw errors if we do a normal call and
                    // it turns out that it isn't the right type of contract.
                    (bool success, bytes memory returndata) = owner.staticcall(
                        abi.encodeWithSelector(IL1ChugSplashDeployer.isUpgrading.selector)
                    );
                    // If the call was unsuccessful then we assume that there's no "isUpgrading" method and we
                    // can just continue as normal. We also expect that the return value is exactly 32 bytes
                    // long. If this isn't the case then we can safely ignore the result.
                    if (success && returndata.length == 32) {
                        // Although the expected value is a *boolean*, it's safer to decode as a uint256 in the
                        // case that the isUpgrading function returned something other than 0 or 1. But we only
                        // really care about the case where this value is 0 (= false).
                        uint256 ret = abi.decode(returndata, (uint256));
                        require(ret == 0, "L1ChugSplashProxy: system is currently being upgraded");
                    }
                    _;
                }
                /**
                 * @notice Makes a proxy call instead of triggering the given function when the caller is
                 *         either the owner or the zero address. Caller can only ever be the zero address if
                 *         this function is being called off-chain via eth_call, which is totally fine and can
                 *         be convenient for client-side tooling. Avoids situations where the proxy and
                 *         implementation share a sighash and the proxy function ends up being called instead
                 *         of the implementation one.
                 *
                 *         Note: msg.sender == address(0) can ONLY be triggered off-chain via eth_call. If
                 *         there's a way for someone to send a transaction with msg.sender == address(0) in any
                 *         real context then we have much bigger problems. Primary reason to include this
                 *         additional allowed sender is because the owner address can be changed dynamically
                 *         and we do not want clients to have to keep track of the current owner in order to
                 *         make an eth_call that doesn't trigger the proxied contract.
                 */
                // slither-disable-next-line incorrect-modifier
                modifier proxyCallIfNotOwner() {
                    if (msg.sender == _getOwner() || msg.sender == address(0)) {
                        _;
                    } else {
                        // This WILL halt the call frame on completion.
                        _doProxyCall();
                    }
                }
                /**
                 * @param _owner Address of the initial contract owner.
                 */
                constructor(address _owner) {
                    _setOwner(_owner);
                }
                // slither-disable-next-line locked-ether
                receive() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                // slither-disable-next-line locked-ether
                fallback() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                /**
                 * @notice Sets the code that should be running behind this proxy.
                 *
                 *         Note: This scheme is a bit different from the standard proxy scheme where one would
                 *         typically deploy the code separately and then set the implementation address. We're
                 *         doing it this way because it gives us a lot more freedom on the client side. Can
                 *         only be triggered by the contract owner.
                 *
                 * @param _code New contract code to run inside this contract.
                 */
                function setCode(bytes memory _code) external proxyCallIfNotOwner {
                    // Get the code hash of the current implementation.
                    address implementation = _getImplementation();
                    // If the code hash matches the new implementation then we return early.
                    if (keccak256(_code) == _getAccountCodeHash(implementation)) {
                        return;
                    }
                    // Create the deploycode by appending the magic prefix.
                    bytes memory deploycode = abi.encodePacked(DEPLOY_CODE_PREFIX, _code);
                    // Deploy the code and set the new implementation address.
                    address newImplementation;
                    assembly {
                        newImplementation := create(0x0, add(deploycode, 0x20), mload(deploycode))
                    }
                    // Check that the code was actually deployed correctly. I'm not sure if you can ever
                    // actually fail this check. Should only happen if the contract creation from above runs
                    // out of gas but this parent execution thread does NOT run out of gas. Seems like we
                    // should be doing this check anyway though.
                    require(
                        _getAccountCodeHash(newImplementation) == keccak256(_code),
                        "L1ChugSplashProxy: code was not correctly deployed"
                    );
                    _setImplementation(newImplementation);
                }
                /**
                 * @notice Modifies some storage slot within the proxy contract. Gives us a lot of power to
                 *         perform upgrades in a more transparent way. Only callable by the owner.
                 *
                 * @param _key   Storage key to modify.
                 * @param _value New value for the storage key.
                 */
                function setStorage(bytes32 _key, bytes32 _value) external proxyCallIfNotOwner {
                    assembly {
                        sstore(_key, _value)
                    }
                }
                /**
                 * @notice Changes the owner of the proxy contract. Only callable by the owner.
                 *
                 * @param _owner New owner of the proxy contract.
                 */
                function setOwner(address _owner) external proxyCallIfNotOwner {
                    _setOwner(_owner);
                }
                /**
                 * @notice Queries the owner of the proxy contract. Can only be called by the owner OR by
                 *         making an eth_call and setting the "from" address to address(0).
                 *
                 * @return Owner address.
                 */
                function getOwner() external proxyCallIfNotOwner returns (address) {
                    return _getOwner();
                }
                /**
                 * @notice Queries the implementation address. Can only be called by the owner OR by making an
                 *         eth_call and setting the "from" address to address(0).
                 *
                 * @return Implementation address.
                 */
                function getImplementation() external proxyCallIfNotOwner returns (address) {
                    return _getImplementation();
                }
                /**
                 * @notice Sets the implementation address.
                 *
                 * @param _implementation New implementation address.
                 */
                function _setImplementation(address _implementation) internal {
                    assembly {
                        sstore(IMPLEMENTATION_KEY, _implementation)
                    }
                }
                /**
                 * @notice Changes the owner of the proxy contract.
                 *
                 * @param _owner New owner of the proxy contract.
                 */
                function _setOwner(address _owner) internal {
                    assembly {
                        sstore(OWNER_KEY, _owner)
                    }
                }
                /**
                 * @notice Performs the proxy call via a delegatecall.
                 */
                function _doProxyCall() internal onlyWhenNotPaused {
                    address implementation = _getImplementation();
                    require(implementation != address(0), "L1ChugSplashProxy: implementation is not set yet");
                    assembly {
                        // Copy calldata into memory at 0x0....calldatasize.
                        calldatacopy(0x0, 0x0, calldatasize())
                        // Perform the delegatecall, make sure to pass all available gas.
                        let success := delegatecall(gas(), implementation, 0x0, calldatasize(), 0x0, 0x0)
                        // Copy returndata into memory at 0x0....returndatasize. Note that this *will*
                        // overwrite the calldata that we just copied into memory but that doesn't really
                        // matter because we'll be returning in a second anyway.
                        returndatacopy(0x0, 0x0, returndatasize())
                        // Success == 0 means a revert. We'll revert too and pass the data up.
                        if iszero(success) {
                            revert(0x0, returndatasize())
                        }
                        // Otherwise we'll just return and pass the data up.
                        return(0x0, returndatasize())
                    }
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function _getImplementation() internal view returns (address) {
                    address implementation;
                    assembly {
                        implementation := sload(IMPLEMENTATION_KEY)
                    }
                    return implementation;
                }
                /**
                 * @notice Queries the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function _getOwner() internal view returns (address) {
                    address owner;
                    assembly {
                        owner := sload(OWNER_KEY)
                    }
                    return owner;
                }
                /**
                 * @notice Gets the code hash for a given account.
                 *
                 * @param _account Address of the account to get a code hash for.
                 *
                 * @return Code hash for the account.
                 */
                function _getAccountCodeHash(address _account) internal view returns (bytes32) {
                    bytes32 codeHash;
                    assembly {
                        codeHash := extcodehash(_account)
                    }
                    return codeHash;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title Proxy
             * @notice Proxy is a transparent proxy that passes through the call if the caller is the owner or
             *         if the caller is address(0), meaning that the call originated from an off-chain
             *         simulation.
             */
            contract Proxy {
                /**
                 * @notice The storage slot that holds the address of the implementation.
                 *         bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)
                 */
                bytes32 internal constant IMPLEMENTATION_KEY =
                    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
                /**
                 * @notice The storage slot that holds the address of the owner.
                 *         bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1)
                 */
                bytes32 internal constant OWNER_KEY =
                    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
                /**
                 * @notice An event that is emitted each time the implementation is changed. This event is part
                 *         of the EIP-1967 specification.
                 *
                 * @param implementation The address of the implementation contract
                 */
                event Upgraded(address indexed implementation);
                /**
                 * @notice An event that is emitted each time the owner is upgraded. This event is part of the
                 *         EIP-1967 specification.
                 *
                 * @param previousAdmin The previous owner of the contract
                 * @param newAdmin      The new owner of the contract
                 */
                event AdminChanged(address previousAdmin, address newAdmin);
                /**
                 * @notice A modifier that reverts if not called by the owner or by address(0) to allow
                 *         eth_call to interact with this proxy without needing to use low-level storage
                 *         inspection. We assume that nobody is able to trigger calls from address(0) during
                 *         normal EVM execution.
                 */
                modifier proxyCallIfNotAdmin() {
                    if (msg.sender == _getAdmin() || msg.sender == address(0)) {
                        _;
                    } else {
                        // This WILL halt the call frame on completion.
                        _doProxyCall();
                    }
                }
                /**
                 * @notice Sets the initial admin during contract deployment. Admin address is stored at the
                 *         EIP-1967 admin storage slot so that accidental storage collision with the
                 *         implementation is not possible.
                 *
                 * @param _admin Address of the initial contract admin. Admin as the ability to access the
                 *               transparent proxy interface.
                 */
                constructor(address _admin) {
                    _changeAdmin(_admin);
                }
                // slither-disable-next-line locked-ether
                receive() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                // slither-disable-next-line locked-ether
                fallback() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                /**
                 * @notice Set the implementation contract address. The code at the given address will execute
                 *         when this contract is called.
                 *
                 * @param _implementation Address of the implementation contract.
                 */
                function upgradeTo(address _implementation) public virtual proxyCallIfNotAdmin {
                    _setImplementation(_implementation);
                }
                /**
                 * @notice Set the implementation and call a function in a single transaction. Useful to ensure
                 *         atomic execution of initialization-based upgrades.
                 *
                 * @param _implementation Address of the implementation contract.
                 * @param _data           Calldata to delegatecall the new implementation with.
                 */
                function upgradeToAndCall(address _implementation, bytes calldata _data)
                    public
                    payable
                    virtual
                    proxyCallIfNotAdmin
                    returns (bytes memory)
                {
                    _setImplementation(_implementation);
                    (bool success, bytes memory returndata) = _implementation.delegatecall(_data);
                    require(success, "Proxy: delegatecall to new implementation contract failed");
                    return returndata;
                }
                /**
                 * @notice Changes the owner of the proxy contract. Only callable by the owner.
                 *
                 * @param _admin New owner of the proxy contract.
                 */
                function changeAdmin(address _admin) public virtual proxyCallIfNotAdmin {
                    _changeAdmin(_admin);
                }
                /**
                 * @notice Gets the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function admin() public virtual proxyCallIfNotAdmin returns (address) {
                    return _getAdmin();
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function implementation() public virtual proxyCallIfNotAdmin returns (address) {
                    return _getImplementation();
                }
                /**
                 * @notice Sets the implementation address.
                 *
                 * @param _implementation New implementation address.
                 */
                function _setImplementation(address _implementation) internal {
                    assembly {
                        sstore(IMPLEMENTATION_KEY, _implementation)
                    }
                    emit Upgraded(_implementation);
                }
                /**
                 * @notice Changes the owner of the proxy contract.
                 *
                 * @param _admin New owner of the proxy contract.
                 */
                function _changeAdmin(address _admin) internal {
                    address previous = _getAdmin();
                    assembly {
                        sstore(OWNER_KEY, _admin)
                    }
                    emit AdminChanged(previous, _admin);
                }
                /**
                 * @notice Performs the proxy call via a delegatecall.
                 */
                function _doProxyCall() internal {
                    address impl = _getImplementation();
                    require(impl != address(0), "Proxy: implementation not initialized");
                    assembly {
                        // Copy calldata into memory at 0x0....calldatasize.
                        calldatacopy(0x0, 0x0, calldatasize())
                        // Perform the delegatecall, make sure to pass all available gas.
                        let success := delegatecall(gas(), impl, 0x0, calldatasize(), 0x0, 0x0)
                        // Copy returndata into memory at 0x0....returndatasize. Note that this *will*
                        // overwrite the calldata that we just copied into memory but that doesn't really
                        // matter because we'll be returning in a second anyway.
                        returndatacopy(0x0, 0x0, returndatasize())
                        // Success == 0 means a revert. We'll revert too and pass the data up.
                        if iszero(success) {
                            revert(0x0, returndatasize())
                        }
                        // Otherwise we'll just return and pass the data up.
                        return(0x0, returndatasize())
                    }
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function _getImplementation() internal view returns (address) {
                    address impl;
                    assembly {
                        impl := sload(IMPLEMENTATION_KEY)
                    }
                    return impl;
                }
                /**
                 * @notice Queries the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function _getAdmin() internal view returns (address) {
                    address owner;
                    assembly {
                        owner := sload(OWNER_KEY)
                    }
                    return owner;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
            import { Proxy } from "./Proxy.sol";
            import { AddressManager } from "../legacy/AddressManager.sol";
            import { L1ChugSplashProxy } from "../legacy/L1ChugSplashProxy.sol";
            /**
             * @title IStaticERC1967Proxy
             * @notice IStaticERC1967Proxy is a static version of the ERC1967 proxy interface.
             */
            interface IStaticERC1967Proxy {
                function implementation() external view returns (address);
                function admin() external view returns (address);
            }
            /**
             * @title IStaticL1ChugSplashProxy
             * @notice IStaticL1ChugSplashProxy is a static version of the ChugSplash proxy interface.
             */
            interface IStaticL1ChugSplashProxy {
                function getImplementation() external view returns (address);
                function getOwner() external view returns (address);
            }
            /**
             * @title ProxyAdmin
             * @notice This is an auxiliary contract meant to be assigned as the admin of an ERC1967 Proxy,
             *         based on the OpenZeppelin implementation. It has backwards compatibility logic to work
             *         with the various types of proxies that have been deployed by Optimism in the past.
             */
            contract ProxyAdmin is Ownable {
                /**
                 * @notice The proxy types that the ProxyAdmin can manage.
                 *
                 * @custom:value ERC1967    Represents an ERC1967 compliant transparent proxy interface.
                 * @custom:value CHUGSPLASH Represents the Chugsplash proxy interface (legacy).
                 * @custom:value RESOLVED   Represents the ResolvedDelegate proxy (legacy).
                 */
                enum ProxyType {
                    ERC1967,
                    CHUGSPLASH,
                    RESOLVED
                }
                /**
                 * @notice A mapping of proxy types, used for backwards compatibility.
                 */
                mapping(address => ProxyType) public proxyType;
                /**
                 * @notice A reverse mapping of addresses to names held in the AddressManager. This must be
                 *         manually kept up to date with changes in the AddressManager for this contract
                 *         to be able to work as an admin for the ResolvedDelegateProxy type.
                 */
                mapping(address => string) public implementationName;
                /**
                 * @notice The address of the address manager, this is required to manage the
                 *         ResolvedDelegateProxy type.
                 */
                AddressManager public addressManager;
                /**
                 * @notice A legacy upgrading indicator used by the old Chugsplash Proxy.
                 */
                bool internal upgrading;
                /**
                 * @param _owner Address of the initial owner of this contract.
                 */
                constructor(address _owner) Ownable() {
                    _transferOwnership(_owner);
                }
                /**
                 * @notice Sets the proxy type for a given address. Only required for non-standard (legacy)
                 *         proxy types.
                 *
                 * @param _address Address of the proxy.
                 * @param _type    Type of the proxy.
                 */
                function setProxyType(address _address, ProxyType _type) external onlyOwner {
                    proxyType[_address] = _type;
                }
                /**
                 * @notice Sets the implementation name for a given address. Only required for
                 *         ResolvedDelegateProxy type proxies that have an implementation name.
                 *
                 * @param _address Address of the ResolvedDelegateProxy.
                 * @param _name    Name of the implementation for the proxy.
                 */
                function setImplementationName(address _address, string memory _name) external onlyOwner {
                    implementationName[_address] = _name;
                }
                /**
                 * @notice Set the address of the AddressManager. This is required to manage legacy
                 *         ResolvedDelegateProxy type proxy contracts.
                 *
                 * @param _address Address of the AddressManager.
                 */
                function setAddressManager(AddressManager _address) external onlyOwner {
                    addressManager = _address;
                }
                /**
                 * @custom:legacy
                 * @notice Set an address in the address manager. Since only the owner of the AddressManager
                 *         can directly modify addresses and the ProxyAdmin will own the AddressManager, this
                 *         gives the owner of the ProxyAdmin the ability to modify addresses directly.
                 *
                 * @param _name    Name to set within the AddressManager.
                 * @param _address Address to attach to the given name.
                 */
                function setAddress(string memory _name, address _address) external onlyOwner {
                    addressManager.setAddress(_name, _address);
                }
                /**
                 * @custom:legacy
                 * @notice Set the upgrading status for the Chugsplash proxy type.
                 *
                 * @param _upgrading Whether or not the system is upgrading.
                 */
                function setUpgrading(bool _upgrading) external onlyOwner {
                    upgrading = _upgrading;
                }
                /**
                 * @custom:legacy
                 * @notice Legacy function used to tell ChugSplashProxy contracts if an upgrade is happening.
                 *
                 * @return Whether or not there is an upgrade going on. May not actually tell you whether an
                 *         upgrade is going on, since we don't currently plan to use this variable for anything
                 *         other than a legacy indicator to fix a UX bug in the ChugSplash proxy.
                 */
                function isUpgrading() external view returns (bool) {
                    return upgrading;
                }
                /**
                 * @notice Returns the implementation of the given proxy address.
                 *
                 * @param _proxy Address of the proxy to get the implementation of.
                 *
                 * @return Address of the implementation of the proxy.
                 */
                function getProxyImplementation(address _proxy) external view returns (address) {
                    ProxyType ptype = proxyType[_proxy];
                    if (ptype == ProxyType.ERC1967) {
                        return IStaticERC1967Proxy(_proxy).implementation();
                    } else if (ptype == ProxyType.CHUGSPLASH) {
                        return IStaticL1ChugSplashProxy(_proxy).getImplementation();
                    } else if (ptype == ProxyType.RESOLVED) {
                        return addressManager.getAddress(implementationName[_proxy]);
                    } else {
                        revert("ProxyAdmin: unknown proxy type");
                    }
                }
                /**
                 * @notice Returns the admin of the given proxy address.
                 *
                 * @param _proxy Address of the proxy to get the admin of.
                 *
                 * @return Address of the admin of the proxy.
                 */
                function getProxyAdmin(address payable _proxy) external view returns (address) {
                    ProxyType ptype = proxyType[_proxy];
                    if (ptype == ProxyType.ERC1967) {
                        return IStaticERC1967Proxy(_proxy).admin();
                    } else if (ptype == ProxyType.CHUGSPLASH) {
                        return IStaticL1ChugSplashProxy(_proxy).getOwner();
                    } else if (ptype == ProxyType.RESOLVED) {
                        return addressManager.owner();
                    } else {
                        revert("ProxyAdmin: unknown proxy type");
                    }
                }
                /**
                 * @notice Updates the admin of the given proxy address.
                 *
                 * @param _proxy    Address of the proxy to update.
                 * @param _newAdmin Address of the new proxy admin.
                 */
                function changeProxyAdmin(address payable _proxy, address _newAdmin) external onlyOwner {
                    ProxyType ptype = proxyType[_proxy];
                    if (ptype == ProxyType.ERC1967) {
                        Proxy(_proxy).changeAdmin(_newAdmin);
                    } else if (ptype == ProxyType.CHUGSPLASH) {
                        L1ChugSplashProxy(_proxy).setOwner(_newAdmin);
                    } else if (ptype == ProxyType.RESOLVED) {
                        addressManager.transferOwnership(_newAdmin);
                    } else {
                        revert("ProxyAdmin: unknown proxy type");
                    }
                }
                /**
                 * @notice Changes a proxy's implementation contract.
                 *
                 * @param _proxy          Address of the proxy to upgrade.
                 * @param _implementation Address of the new implementation address.
                 */
                function upgrade(address payable _proxy, address _implementation) public onlyOwner {
                    ProxyType ptype = proxyType[_proxy];
                    if (ptype == ProxyType.ERC1967) {
                        Proxy(_proxy).upgradeTo(_implementation);
                    } else if (ptype == ProxyType.CHUGSPLASH) {
                        L1ChugSplashProxy(_proxy).setStorage(
                            // bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)
                            0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc,
                            bytes32(uint256(uint160(_implementation)))
                        );
                    } else if (ptype == ProxyType.RESOLVED) {
                        string memory name = implementationName[_proxy];
                        addressManager.setAddress(name, _implementation);
                    } else {
                        // It should not be possible to retrieve a ProxyType value which is not matched by
                        // one of the previous conditions.
                        assert(false);
                    }
                }
                /**
                 * @notice Changes a proxy's implementation contract and delegatecalls the new implementation
                 *         with some given data. Useful for atomic upgrade-and-initialize calls.
                 *
                 * @param _proxy          Address of the proxy to upgrade.
                 * @param _implementation Address of the new implementation address.
                 * @param _data           Data to trigger the new implementation with.
                 */
                function upgradeAndCall(
                    address payable _proxy,
                    address _implementation,
                    bytes memory _data
                ) external payable onlyOwner {
                    ProxyType ptype = proxyType[_proxy];
                    if (ptype == ProxyType.ERC1967) {
                        Proxy(_proxy).upgradeToAndCall{ value: msg.value }(_implementation, _data);
                    } else {
                        // reverts if proxy type is unknown
                        upgrade(_proxy, _implementation);
                        (bool success, ) = _proxy.call{ value: msg.value }(_data);
                        require(success, "ProxyAdmin: call to proxy after upgrade failed");
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
            pragma solidity ^0.8.0;
            import "../utils/Context.sol";
            /**
             * @dev Contract module which provides a basic access control mechanism, where
             * there is an account (an owner) that can be granted exclusive access to
             * specific functions.
             *
             * By default, the owner account will be the one that deploys the contract. This
             * can later be changed with {transferOwnership}.
             *
             * This module is used through inheritance. It will make available the modifier
             * `onlyOwner`, which can be applied to your functions to restrict their use to
             * the owner.
             */
            abstract contract Ownable is Context {
                address private _owner;
                event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
                /**
                 * @dev Initializes the contract setting the deployer as the initial owner.
                 */
                constructor() {
                    _transferOwnership(_msgSender());
                }
                /**
                 * @dev Throws if called by any account other than the owner.
                 */
                modifier onlyOwner() {
                    _checkOwner();
                    _;
                }
                /**
                 * @dev Returns the address of the current owner.
                 */
                function owner() public view virtual returns (address) {
                    return _owner;
                }
                /**
                 * @dev Throws if the sender is not the owner.
                 */
                function _checkOwner() internal view virtual {
                    require(owner() == _msgSender(), "Ownable: caller is not the owner");
                }
                /**
                 * @dev Leaves the contract without owner. It will not be possible to call
                 * `onlyOwner` functions anymore. Can only be called by the current owner.
                 *
                 * NOTE: Renouncing ownership will leave the contract without an owner,
                 * thereby removing any functionality that is only available to the owner.
                 */
                function renounceOwnership() public virtual onlyOwner {
                    _transferOwnership(address(0));
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Can only be called by the current owner.
                 */
                function transferOwnership(address newOwner) public virtual onlyOwner {
                    require(newOwner != address(0), "Ownable: new owner is the zero address");
                    _transferOwnership(newOwner);
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Internal function without access restriction.
                 */
                function _transferOwnership(address newOwner) internal virtual {
                    address oldOwner = _owner;
                    _owner = newOwner;
                    emit OwnershipTransferred(oldOwner, newOwner);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Provides information about the current execution context, including the
             * sender of the transaction and its data. While these are generally available
             * via msg.sender and msg.data, they should not be accessed in such a direct
             * manner, since when dealing with meta-transactions the account sending and
             * paying for execution may not be the actual sender (as far as an application
             * is concerned).
             *
             * This contract is only required for intermediate, library-like contracts.
             */
            abstract contract Context {
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
            }
            

            File 3 of 8: L1StandardBridge
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Predeploys } from "../libraries/Predeploys.sol";
            import { StandardBridge } from "../universal/StandardBridge.sol";
            import { Semver } from "../universal/Semver.sol";
            /**
             * @custom:proxied
             * @title L1StandardBridge
             * @notice The L1StandardBridge is responsible for transfering ETH and ERC20 tokens between L1 and
             *         L2. In the case that an ERC20 token is native to L1, it will be escrowed within this
             *         contract. If the ERC20 token is native to L2, it will be burnt. Before Bedrock, ETH was
             *         stored within this contract. After Bedrock, ETH is instead stored inside the
             *         OptimismPortal contract.
             *         NOTE: this contract is not intended to support all variations of ERC20 tokens. Examples
             *         of some token types that may not be properly supported by this contract include, but are
             *         not limited to: tokens with transfer fees, rebasing tokens, and tokens with blocklists.
             */
            contract L1StandardBridge is StandardBridge, Semver {
                /**
                 * @custom:legacy
                 * @notice Emitted whenever a deposit of ETH from L1 into L2 is initiated.
                 *
                 * @param from      Address of the depositor.
                 * @param to        Address of the recipient on L2.
                 * @param amount    Amount of ETH deposited.
                 * @param extraData Extra data attached to the deposit.
                 */
                event ETHDepositInitiated(
                    address indexed from,
                    address indexed to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @custom:legacy
                 * @notice Emitted whenever a withdrawal of ETH from L2 to L1 is finalized.
                 *
                 * @param from      Address of the withdrawer.
                 * @param to        Address of the recipient on L1.
                 * @param amount    Amount of ETH withdrawn.
                 * @param extraData Extra data attached to the withdrawal.
                 */
                event ETHWithdrawalFinalized(
                    address indexed from,
                    address indexed to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @custom:legacy
                 * @notice Emitted whenever an ERC20 deposit is initiated.
                 *
                 * @param l1Token   Address of the token on L1.
                 * @param l2Token   Address of the corresponding token on L2.
                 * @param from      Address of the depositor.
                 * @param to        Address of the recipient on L2.
                 * @param amount    Amount of the ERC20 deposited.
                 * @param extraData Extra data attached to the deposit.
                 */
                event ERC20DepositInitiated(
                    address indexed l1Token,
                    address indexed l2Token,
                    address indexed from,
                    address to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @custom:legacy
                 * @notice Emitted whenever an ERC20 withdrawal is finalized.
                 *
                 * @param l1Token   Address of the token on L1.
                 * @param l2Token   Address of the corresponding token on L2.
                 * @param from      Address of the withdrawer.
                 * @param to        Address of the recipient on L1.
                 * @param amount    Amount of the ERC20 withdrawn.
                 * @param extraData Extra data attached to the withdrawal.
                 */
                event ERC20WithdrawalFinalized(
                    address indexed l1Token,
                    address indexed l2Token,
                    address indexed from,
                    address to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @custom:semver 1.1.0
                 *
                 * @param _messenger Address of the L1CrossDomainMessenger.
                 */
                constructor(address payable _messenger)
                    Semver(1, 1, 0)
                    StandardBridge(_messenger, payable(Predeploys.L2_STANDARD_BRIDGE))
                {}
                /**
                 * @notice Allows EOAs to bridge ETH by sending directly to the bridge.
                 */
                receive() external payable override onlyEOA {
                    _initiateETHDeposit(msg.sender, msg.sender, RECEIVE_DEFAULT_GAS_LIMIT, bytes(""));
                }
                /**
                 * @custom:legacy
                 * @notice Deposits some amount of ETH into the sender's account on L2.
                 *
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2. Data supplied here will not be used to
                 *                     execute any code on L2 and is only emitted as extra data for the
                 *                     convenience of off-chain tooling.
                 */
                function depositETH(uint32 _minGasLimit, bytes calldata _extraData) external payable onlyEOA {
                    _initiateETHDeposit(msg.sender, msg.sender, _minGasLimit, _extraData);
                }
                /**
                 * @custom:legacy
                 * @notice Deposits some amount of ETH into a target account on L2.
                 *         Note that if ETH is sent to a contract on L2 and the call fails, then that ETH will
                 *         be locked in the L2StandardBridge. ETH may be recoverable if the call can be
                 *         successfully replayed by increasing the amount of gas supplied to the call. If the
                 *         call will fail for any amount of gas, then the ETH will be locked permanently.
                 *
                 * @param _to          Address of the recipient on L2.
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2. Data supplied here will not be used to
                 *                     execute any code on L2 and is only emitted as extra data for the
                 *                     convenience of off-chain tooling.
                 */
                function depositETHTo(
                    address _to,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) external payable {
                    _initiateETHDeposit(msg.sender, _to, _minGasLimit, _extraData);
                }
                /**
                 * @custom:legacy
                 * @notice Deposits some amount of ERC20 tokens into the sender's account on L2.
                 *
                 * @param _l1Token     Address of the L1 token being deposited.
                 * @param _l2Token     Address of the corresponding token on L2.
                 * @param _amount      Amount of the ERC20 to deposit.
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2. Data supplied here will not be used to
                 *                     execute any code on L2 and is only emitted as extra data for the
                 *                     convenience of off-chain tooling.
                 */
                function depositERC20(
                    address _l1Token,
                    address _l2Token,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) external virtual onlyEOA {
                    _initiateERC20Deposit(
                        _l1Token,
                        _l2Token,
                        msg.sender,
                        msg.sender,
                        _amount,
                        _minGasLimit,
                        _extraData
                    );
                }
                /**
                 * @custom:legacy
                 * @notice Deposits some amount of ERC20 tokens into a target account on L2.
                 *
                 * @param _l1Token     Address of the L1 token being deposited.
                 * @param _l2Token     Address of the corresponding token on L2.
                 * @param _to          Address of the recipient on L2.
                 * @param _amount      Amount of the ERC20 to deposit.
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2. Data supplied here will not be used to
                 *                     execute any code on L2 and is only emitted as extra data for the
                 *                     convenience of off-chain tooling.
                 */
                function depositERC20To(
                    address _l1Token,
                    address _l2Token,
                    address _to,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) external virtual {
                    _initiateERC20Deposit(
                        _l1Token,
                        _l2Token,
                        msg.sender,
                        _to,
                        _amount,
                        _minGasLimit,
                        _extraData
                    );
                }
                /**
                 * @custom:legacy
                 * @notice Finalizes a withdrawal of ETH from L2.
                 *
                 * @param _from      Address of the withdrawer on L2.
                 * @param _to        Address of the recipient on L1.
                 * @param _amount    Amount of ETH to withdraw.
                 * @param _extraData Optional data forwarded from L2.
                 */
                function finalizeETHWithdrawal(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes calldata _extraData
                ) external payable {
                    finalizeBridgeETH(_from, _to, _amount, _extraData);
                }
                /**
                 * @custom:legacy
                 * @notice Finalizes a withdrawal of ERC20 tokens from L2.
                 *
                 * @param _l1Token   Address of the token on L1.
                 * @param _l2Token   Address of the corresponding token on L2.
                 * @param _from      Address of the withdrawer on L2.
                 * @param _to        Address of the recipient on L1.
                 * @param _amount    Amount of the ERC20 to withdraw.
                 * @param _extraData Optional data forwarded from L2.
                 */
                function finalizeERC20Withdrawal(
                    address _l1Token,
                    address _l2Token,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes calldata _extraData
                ) external {
                    finalizeBridgeERC20(_l1Token, _l2Token, _from, _to, _amount, _extraData);
                }
                /**
                 * @custom:legacy
                 * @notice Retrieves the access of the corresponding L2 bridge contract.
                 *
                 * @return Address of the corresponding L2 bridge contract.
                 */
                function l2TokenBridge() external view returns (address) {
                    return address(OTHER_BRIDGE);
                }
                /**
                 * @notice Internal function for initiating an ETH deposit.
                 *
                 * @param _from        Address of the sender on L1.
                 * @param _to          Address of the recipient on L2.
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2.
                 */
                function _initiateETHDeposit(
                    address _from,
                    address _to,
                    uint32 _minGasLimit,
                    bytes memory _extraData
                ) internal {
                    _initiateBridgeETH(_from, _to, msg.value, _minGasLimit, _extraData);
                }
                /**
                 * @notice Internal function for initiating an ERC20 deposit.
                 *
                 * @param _l1Token     Address of the L1 token being deposited.
                 * @param _l2Token     Address of the corresponding token on L2.
                 * @param _from        Address of the sender on L1.
                 * @param _to          Address of the recipient on L2.
                 * @param _amount      Amount of the ERC20 to deposit.
                 * @param _minGasLimit Minimum gas limit for the deposit message on L2.
                 * @param _extraData   Optional data to forward to L2.
                 */
                function _initiateERC20Deposit(
                    address _l1Token,
                    address _l2Token,
                    address _from,
                    address _to,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes memory _extraData
                ) internal {
                    _initiateBridgeERC20(_l1Token, _l2Token, _from, _to, _amount, _minGasLimit, _extraData);
                }
                /**
                 * @notice Emits the legacy ETHDepositInitiated event followed by the ETHBridgeInitiated event.
                 *         This is necessary for backwards compatibility with the legacy bridge.
                 *
                 * @inheritdoc StandardBridge
                 */
                function _emitETHBridgeInitiated(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal override {
                    emit ETHDepositInitiated(_from, _to, _amount, _extraData);
                    super._emitETHBridgeInitiated(_from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the legacy ETHWithdrawalFinalized event followed by the ETHBridgeFinalized
                 *         event. This is necessary for backwards compatibility with the legacy bridge.
                 *
                 * @inheritdoc StandardBridge
                 */
                function _emitETHBridgeFinalized(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal override {
                    emit ETHWithdrawalFinalized(_from, _to, _amount, _extraData);
                    super._emitETHBridgeFinalized(_from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the legacy ERC20DepositInitiated event followed by the ERC20BridgeInitiated
                 *         event. This is necessary for backwards compatibility with the legacy bridge.
                 *
                 * @inheritdoc StandardBridge
                 */
                function _emitERC20BridgeInitiated(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal override {
                    emit ERC20DepositInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                    super._emitERC20BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the legacy ERC20WithdrawalFinalized event followed by the ERC20BridgeFinalized
                 *         event. This is necessary for backwards compatibility with the legacy bridge.
                 *
                 * @inheritdoc StandardBridge
                 */
                function _emitERC20BridgeFinalized(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal override {
                    emit ERC20WithdrawalFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                    super._emitERC20BridgeFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { Math } from "@openzeppelin/contracts/utils/math/Math.sol";
            import { Burn } from "../libraries/Burn.sol";
            import { Arithmetic } from "../libraries/Arithmetic.sol";
            /**
             * @custom:upgradeable
             * @title ResourceMetering
             * @notice ResourceMetering implements an EIP-1559 style resource metering system where pricing
             *         updates automatically based on current demand.
             */
            abstract contract ResourceMetering is Initializable {
                /**
                 * @notice Represents the various parameters that control the way in which resources are
                 *         metered. Corresponds to the EIP-1559 resource metering system.
                 *
                 * @custom:field prevBaseFee   Base fee from the previous block(s).
                 * @custom:field prevBoughtGas Amount of gas bought so far in the current block.
                 * @custom:field prevBlockNum  Last block number that the base fee was updated.
                 */
                struct ResourceParams {
                    uint128 prevBaseFee;
                    uint64 prevBoughtGas;
                    uint64 prevBlockNum;
                }
                /**
                 * @notice Represents the configuration for the EIP-1559 based curve for the deposit gas
                 *         market. These values should be set with care as it is possible to set them in
                 *         a way that breaks the deposit gas market. The target resource limit is defined as
                 *         maxResourceLimit / elasticityMultiplier. This struct was designed to fit within a
                 *         single word. There is additional space for additions in the future.
                 *
                 * @custom:field maxResourceLimit             Represents the maximum amount of deposit gas that
                 *                                            can be purchased per block.
                 * @custom:field elasticityMultiplier         Determines the target resource limit along with
                 *                                            the resource limit.
                 * @custom:field baseFeeMaxChangeDenominator  Determines max change on fee per block.
                 * @custom:field minimumBaseFee               The min deposit base fee, it is clamped to this
                 *                                            value.
                 * @custom:field systemTxMaxGas               The amount of gas supplied to the system
                 *                                            transaction. This should be set to the same number
                 *                                            that the op-node sets as the gas limit for the
                 *                                            system transaction.
                 * @custom:field maximumBaseFee               The max deposit base fee, it is clamped to this
                 *                                            value.
                 */
                struct ResourceConfig {
                    uint32 maxResourceLimit;
                    uint8 elasticityMultiplier;
                    uint8 baseFeeMaxChangeDenominator;
                    uint32 minimumBaseFee;
                    uint32 systemTxMaxGas;
                    uint128 maximumBaseFee;
                }
                /**
                 * @notice EIP-1559 style gas parameters.
                 */
                ResourceParams public params;
                /**
                 * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades.
                 */
                uint256[48] private __gap;
                /**
                 * @notice Meters access to a function based an amount of a requested resource.
                 *
                 * @param _amount Amount of the resource requested.
                 */
                modifier metered(uint64 _amount) {
                    // Record initial gas amount so we can refund for it later.
                    uint256 initialGas = gasleft();
                    // Run the underlying function.
                    _;
                    // Run the metering function.
                    _metered(_amount, initialGas);
                }
                /**
                 * @notice An internal function that holds all of the logic for metering a resource.
                 *
                 * @param _amount     Amount of the resource requested.
                 * @param _initialGas The amount of gas before any modifier execution.
                 */
                function _metered(uint64 _amount, uint256 _initialGas) internal {
                    // Update block number and base fee if necessary.
                    uint256 blockDiff = block.number - params.prevBlockNum;
                    ResourceConfig memory config = _resourceConfig();
                    int256 targetResourceLimit = int256(uint256(config.maxResourceLimit)) /
                        int256(uint256(config.elasticityMultiplier));
                    if (blockDiff > 0) {
                        // Handle updating EIP-1559 style gas parameters. We use EIP-1559 to restrict the rate
                        // at which deposits can be created and therefore limit the potential for deposits to
                        // spam the L2 system. Fee scheme is very similar to EIP-1559 with minor changes.
                        int256 gasUsedDelta = int256(uint256(params.prevBoughtGas)) - targetResourceLimit;
                        int256 baseFeeDelta = (int256(uint256(params.prevBaseFee)) * gasUsedDelta) /
                            (targetResourceLimit * int256(uint256(config.baseFeeMaxChangeDenominator)));
                        // Update base fee by adding the base fee delta and clamp the resulting value between
                        // min and max.
                        int256 newBaseFee = Arithmetic.clamp({
                            _value: int256(uint256(params.prevBaseFee)) + baseFeeDelta,
                            _min: int256(uint256(config.minimumBaseFee)),
                            _max: int256(uint256(config.maximumBaseFee))
                        });
                        // If we skipped more than one block, we also need to account for every empty block.
                        // Empty block means there was no demand for deposits in that block, so we should
                        // reflect this lack of demand in the fee.
                        if (blockDiff > 1) {
                            // Update the base fee by repeatedly applying the exponent 1-(1/change_denominator)
                            // blockDiff - 1 times. Simulates multiple empty blocks. Clamp the resulting value
                            // between min and max.
                            newBaseFee = Arithmetic.clamp({
                                _value: Arithmetic.cdexp({
                                    _coefficient: newBaseFee,
                                    _denominator: int256(uint256(config.baseFeeMaxChangeDenominator)),
                                    _exponent: int256(blockDiff - 1)
                                }),
                                _min: int256(uint256(config.minimumBaseFee)),
                                _max: int256(uint256(config.maximumBaseFee))
                            });
                        }
                        // Update new base fee, reset bought gas, and update block number.
                        params.prevBaseFee = uint128(uint256(newBaseFee));
                        params.prevBoughtGas = 0;
                        params.prevBlockNum = uint64(block.number);
                    }
                    // Make sure we can actually buy the resource amount requested by the user.
                    params.prevBoughtGas += _amount;
                    require(
                        int256(uint256(params.prevBoughtGas)) <= int256(uint256(config.maxResourceLimit)),
                        "ResourceMetering: cannot buy more gas than available gas limit"
                    );
                    // Determine the amount of ETH to be paid.
                    uint256 resourceCost = uint256(_amount) * uint256(params.prevBaseFee);
                    // We currently charge for this ETH amount as an L1 gas burn, so we convert the ETH amount
                    // into gas by dividing by the L1 base fee. We assume a minimum base fee of 1 gwei to avoid
                    // division by zero for L1s that don't support 1559 or to avoid excessive gas burns during
                    // periods of extremely low L1 demand. One-day average gas fee hasn't dipped below 1 gwei
                    // during any 1 day period in the last 5 years, so should be fine.
                    uint256 gasCost = resourceCost / Math.max(block.basefee, 1 gwei);
                    // Give the user a refund based on the amount of gas they used to do all of the work up to
                    // this point. Since we're at the end of the modifier, this should be pretty accurate. Acts
                    // effectively like a dynamic stipend (with a minimum value).
                    uint256 usedGas = _initialGas - gasleft();
                    if (gasCost > usedGas) {
                        Burn.gas(gasCost - usedGas);
                    }
                }
                /**
                 * @notice Virtual function that returns the resource config. Contracts that inherit this
                 *         contract must implement this function.
                 *
                 * @return ResourceConfig
                 */
                function _resourceConfig() internal virtual returns (ResourceConfig memory);
                /**
                 * @notice Sets initial resource parameter values. This function must either be called by the
                 *         initializer function of an upgradeable child contract.
                 */
                // solhint-disable-next-line func-name-mixedcase
                function __ResourceMetering_init() internal onlyInitializing {
                    params = ResourceParams({
                        prevBaseFee: 1 gwei,
                        prevBoughtGas: 0,
                        prevBlockNum: uint64(block.number)
                    });
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { SignedMath } from "@openzeppelin/contracts/utils/math/SignedMath.sol";
            import { FixedPointMathLib } from "@rari-capital/solmate/src/utils/FixedPointMathLib.sol";
            /**
             * @title Arithmetic
             * @notice Even more math than before.
             */
            library Arithmetic {
                /**
                 * @notice Clamps a value between a minimum and maximum.
                 *
                 * @param _value The value to clamp.
                 * @param _min   The minimum value.
                 * @param _max   The maximum value.
                 *
                 * @return The clamped value.
                 */
                function clamp(
                    int256 _value,
                    int256 _min,
                    int256 _max
                ) internal pure returns (int256) {
                    return SignedMath.min(SignedMath.max(_value, _min), _max);
                }
                /**
                 * @notice (c)oefficient (d)enominator (exp)onentiation function.
                 *         Returns the result of: c * (1 - 1/d)^exp.
                 *
                 * @param _coefficient Coefficient of the function.
                 * @param _denominator Fractional denominator.
                 * @param _exponent    Power function exponent.
                 *
                 * @return Result of c * (1 - 1/d)^exp.
                 */
                function cdexp(
                    int256 _coefficient,
                    int256 _denominator,
                    int256 _exponent
                ) internal pure returns (int256) {
                    return
                        (_coefficient *
                            (FixedPointMathLib.powWad(1e18 - (1e18 / _denominator), _exponent * 1e18))) / 1e18;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title Burn
             * @notice Utilities for burning stuff.
             */
            library Burn {
                /**
                 * Burns a given amount of ETH.
                 *
                 * @param _amount Amount of ETH to burn.
                 */
                function eth(uint256 _amount) internal {
                    new Burner{ value: _amount }();
                }
                /**
                 * Burns a given amount of gas.
                 *
                 * @param _amount Amount of gas to burn.
                 */
                function gas(uint256 _amount) internal view {
                    uint256 i = 0;
                    uint256 initialGas = gasleft();
                    while (initialGas - gasleft() < _amount) {
                        ++i;
                    }
                }
            }
            /**
             * @title Burner
             * @notice Burner self-destructs on creation and sends all ETH to itself, removing all ETH given to
             *         the contract from the circulating supply. Self-destructing is the only way to remove ETH
             *         from the circulating supply.
             */
            contract Burner {
                constructor() payable {
                    selfdestruct(payable(address(this)));
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { ResourceMetering } from "../L1/ResourceMetering.sol";
            /**
             * @title Constants
             * @notice Constants is a library for storing constants. Simple! Don't put everything in here, just
             *         the stuff used in multiple contracts. Constants that only apply to a single contract
             *         should be defined in that contract instead.
             */
            library Constants {
                /**
                 * @notice Special address to be used as the tx origin for gas estimation calls in the
                 *         OptimismPortal and CrossDomainMessenger calls. You only need to use this address if
                 *         the minimum gas limit specified by the user is not actually enough to execute the
                 *         given message and you're attempting to estimate the actual necessary gas limit. We
                 *         use address(1) because it's the ecrecover precompile and therefore guaranteed to
                 *         never have any code on any EVM chain.
                 */
                address internal constant ESTIMATION_ADDRESS = address(1);
                /**
                 * @notice Value used for the L2 sender storage slot in both the OptimismPortal and the
                 *         CrossDomainMessenger contracts before an actual sender is set. This value is
                 *         non-zero to reduce the gas cost of message passing transactions.
                 */
                address internal constant DEFAULT_L2_SENDER = 0x000000000000000000000000000000000000dEaD;
                /**
                 * @notice Returns the default values for the ResourceConfig. These are the recommended values
                 *         for a production network.
                 */
                function DEFAULT_RESOURCE_CONFIG()
                    internal
                    pure
                    returns (ResourceMetering.ResourceConfig memory)
                {
                    ResourceMetering.ResourceConfig memory config = ResourceMetering.ResourceConfig({
                        maxResourceLimit: 20_000_000,
                        elasticityMultiplier: 10,
                        baseFeeMaxChangeDenominator: 8,
                        minimumBaseFee: 1 gwei,
                        systemTxMaxGas: 1_000_000,
                        maximumBaseFee: type(uint128).max
                    });
                    return config;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Hashing } from "./Hashing.sol";
            import { RLPWriter } from "./rlp/RLPWriter.sol";
            /**
             * @title Encoding
             * @notice Encoding handles Optimism's various different encoding schemes.
             */
            library Encoding {
                /**
                 * @notice RLP encodes the L2 transaction that would be generated when a given deposit is sent
                 *         to the L2 system. Useful for searching for a deposit in the L2 system. The
                 *         transaction is prefixed with 0x7e to identify its EIP-2718 type.
                 *
                 * @param _tx User deposit transaction to encode.
                 *
                 * @return RLP encoded L2 deposit transaction.
                 */
                function encodeDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes memory)
                {
                    bytes32 source = Hashing.hashDepositSource(_tx.l1BlockHash, _tx.logIndex);
                    bytes[] memory raw = new bytes[](8);
                    raw[0] = RLPWriter.writeBytes(abi.encodePacked(source));
                    raw[1] = RLPWriter.writeAddress(_tx.from);
                    raw[2] = _tx.isCreation ? RLPWriter.writeBytes("") : RLPWriter.writeAddress(_tx.to);
                    raw[3] = RLPWriter.writeUint(_tx.mint);
                    raw[4] = RLPWriter.writeUint(_tx.value);
                    raw[5] = RLPWriter.writeUint(uint256(_tx.gasLimit));
                    raw[6] = RLPWriter.writeBool(false);
                    raw[7] = RLPWriter.writeBytes(_tx.data);
                    return abi.encodePacked(uint8(0x7e), RLPWriter.writeList(raw));
                }
                /**
                 * @notice Encodes the cross domain message based on the version that is encoded into the
                 *         message nonce.
                 *
                 * @param _nonce    Message nonce with version encoded into the first two bytes.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    (, uint16 version) = decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return encodeCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return encodeCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Encoding: unknown cross domain message version");
                    }
                }
                /**
                 * @notice Encodes a cross domain message based on the V0 (legacy) encoding.
                 *
                 * @param _target Address of the target of the message.
                 * @param _sender Address of the sender of the message.
                 * @param _data   Data to send with the message.
                 * @param _nonce  Message nonce.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(address,address,bytes,uint256)",
                            _target,
                            _sender,
                            _data,
                            _nonce
                        );
                }
                /**
                 * @notice Encodes a cross domain message based on the V1 (current) encoding.
                 *
                 * @param _nonce    Message nonce.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(uint256,address,address,uint256,uint256,bytes)",
                            _nonce,
                            _sender,
                            _target,
                            _value,
                            _gasLimit,
                            _data
                        );
                }
                /**
                 * @notice Adds a version number into the first two bytes of a message nonce.
                 *
                 * @param _nonce   Message nonce to encode into.
                 * @param _version Version number to encode into the message nonce.
                 *
                 * @return Message nonce with version encoded into the first two bytes.
                 */
                function encodeVersionedNonce(uint240 _nonce, uint16 _version) internal pure returns (uint256) {
                    uint256 nonce;
                    assembly {
                        nonce := or(shl(240, _version), _nonce)
                    }
                    return nonce;
                }
                /**
                 * @notice Pulls the version out of a version-encoded nonce.
                 *
                 * @param _nonce Message nonce with version encoded into the first two bytes.
                 *
                 * @return Nonce without encoded version.
                 * @return Version of the message.
                 */
                function decodeVersionedNonce(uint256 _nonce) internal pure returns (uint240, uint16) {
                    uint240 nonce;
                    uint16 version;
                    assembly {
                        nonce := and(_nonce, 0x0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)
                        version := shr(240, _nonce)
                    }
                    return (nonce, version);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Encoding } from "./Encoding.sol";
            /**
             * @title Hashing
             * @notice Hashing handles Optimism's various different hashing schemes.
             */
            library Hashing {
                /**
                 * @notice Computes the hash of the RLP encoded L2 transaction that would be generated when a
                 *         given deposit is sent to the L2 system. Useful for searching for a deposit in the L2
                 *         system.
                 *
                 * @param _tx User deposit transaction to hash.
                 *
                 * @return Hash of the RLP encoded L2 deposit transaction.
                 */
                function hashDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return keccak256(Encoding.encodeDepositTransaction(_tx));
                }
                /**
                 * @notice Computes the deposit transaction's "source hash", a value that guarantees the hash
                 *         of the L2 transaction that corresponds to a deposit is unique and is
                 *         deterministically generated from L1 transaction data.
                 *
                 * @param _l1BlockHash Hash of the L1 block where the deposit was included.
                 * @param _logIndex    The index of the log that created the deposit transaction.
                 *
                 * @return Hash of the deposit transaction's "source hash".
                 */
                function hashDepositSource(bytes32 _l1BlockHash, uint256 _logIndex)
                    internal
                    pure
                    returns (bytes32)
                {
                    bytes32 depositId = keccak256(abi.encode(_l1BlockHash, _logIndex));
                    return keccak256(abi.encode(bytes32(0), depositId));
                }
                /**
                 * @notice Hashes the cross domain message based on the version that is encoded into the
                 *         message nonce.
                 *
                 * @param _nonce    Message nonce with version encoded into the first two bytes.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    (, uint16 version) = Encoding.decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return hashCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return hashCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Hashing: unknown cross domain message version");
                    }
                }
                /**
                 * @notice Hashes a cross domain message based on the V0 (legacy) encoding.
                 *
                 * @param _target Address of the target of the message.
                 * @param _sender Address of the sender of the message.
                 * @param _data   Data to send with the message.
                 * @param _nonce  Message nonce.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes32) {
                    return keccak256(Encoding.encodeCrossDomainMessageV0(_target, _sender, _data, _nonce));
                }
                /**
                 * @notice Hashes a cross domain message based on the V1 (current) encoding.
                 *
                 * @param _nonce    Message nonce.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    return
                        keccak256(
                            Encoding.encodeCrossDomainMessageV1(
                                _nonce,
                                _sender,
                                _target,
                                _value,
                                _gasLimit,
                                _data
                            )
                        );
                }
                /**
                 * @notice Derives the withdrawal hash according to the encoding in the L2 Withdrawer contract
                 *
                 * @param _tx Withdrawal transaction to hash.
                 *
                 * @return Hashed withdrawal transaction.
                 */
                function hashWithdrawal(Types.WithdrawalTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(_tx.nonce, _tx.sender, _tx.target, _tx.value, _tx.gasLimit, _tx.data)
                        );
                }
                /**
                 * @notice Hashes the various elements of an output root proof into an output root hash which
                 *         can be used to check if the proof is valid.
                 *
                 * @param _outputRootProof Output root proof which should hash to an output root.
                 *
                 * @return Hashed output root proof.
                 */
                function hashOutputRootProof(Types.OutputRootProof memory _outputRootProof)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(
                                _outputRootProof.version,
                                _outputRootProof.stateRoot,
                                _outputRootProof.messagePasserStorageRoot,
                                _outputRootProof.latestBlockhash
                            )
                        );
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @title Predeploys
             * @notice Contains constant addresses for contracts that are pre-deployed to the L2 system.
             */
            library Predeploys {
                /**
                 * @notice Address of the L2ToL1MessagePasser predeploy.
                 */
                address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000016;
                /**
                 * @notice Address of the L2CrossDomainMessenger predeploy.
                 */
                address internal constant L2_CROSS_DOMAIN_MESSENGER =
                    0x4200000000000000000000000000000000000007;
                /**
                 * @notice Address of the L2StandardBridge predeploy.
                 */
                address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;
                /**
                 * @notice Address of the L2ERC721Bridge predeploy.
                 */
                address internal constant L2_ERC721_BRIDGE = 0x4200000000000000000000000000000000000014;
                /**
                 * @notice Address of the SequencerFeeWallet predeploy.
                 */
                address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;
                /**
                 * @notice Address of the OptimismMintableERC20Factory predeploy.
                 */
                address internal constant OPTIMISM_MINTABLE_ERC20_FACTORY =
                    0x4200000000000000000000000000000000000012;
                /**
                 * @notice Address of the OptimismMintableERC721Factory predeploy.
                 */
                address internal constant OPTIMISM_MINTABLE_ERC721_FACTORY =
                    0x4200000000000000000000000000000000000017;
                /**
                 * @notice Address of the L1Block predeploy.
                 */
                address internal constant L1_BLOCK_ATTRIBUTES = 0x4200000000000000000000000000000000000015;
                /**
                 * @notice Address of the GasPriceOracle predeploy. Includes fee information
                 *         and helpers for computing the L1 portion of the transaction fee.
                 */
                address internal constant GAS_PRICE_ORACLE = 0x420000000000000000000000000000000000000F;
                /**
                 * @custom:legacy
                 * @notice Address of the L1MessageSender predeploy. Deprecated. Use L2CrossDomainMessenger
                 *         or access tx.origin (or msg.sender) in a L1 to L2 transaction instead.
                 */
                address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;
                /**
                 * @custom:legacy
                 * @notice Address of the DeployerWhitelist predeploy. No longer active.
                 */
                address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;
                /**
                 * @custom:legacy
                 * @notice Address of the LegacyERC20ETH predeploy. Deprecated. Balances are migrated to the
                 *         state trie as of the Bedrock upgrade. Contract has been locked and write functions
                 *         can no longer be accessed.
                 */
                address internal constant LEGACY_ERC20_ETH = 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000;
                /**
                 * @custom:legacy
                 * @notice Address of the L1BlockNumber predeploy. Deprecated. Use the L1Block predeploy
                 *         instead, which exposes more information about the L1 state.
                 */
                address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;
                /**
                 * @custom:legacy
                 * @notice Address of the LegacyMessagePasser predeploy. Deprecate. Use the updated
                 *         L2ToL1MessagePasser contract instead.
                 */
                address internal constant LEGACY_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;
                /**
                 * @notice Address of the ProxyAdmin predeploy.
                 */
                address internal constant PROXY_ADMIN = 0x4200000000000000000000000000000000000018;
                /**
                 * @notice Address of the BaseFeeVault predeploy.
                 */
                address internal constant BASE_FEE_VAULT = 0x4200000000000000000000000000000000000019;
                /**
                 * @notice Address of the L1FeeVault predeploy.
                 */
                address internal constant L1_FEE_VAULT = 0x420000000000000000000000000000000000001A;
                /**
                 * @notice Address of the GovernanceToken predeploy.
                 */
                address internal constant GOVERNANCE_TOKEN = 0x4200000000000000000000000000000000000042;
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title SafeCall
             * @notice Perform low level safe calls
             */
            library SafeCall {
                /**
                 * @notice Perform a low level call without copying any returndata
                 *
                 * @param _target   Address to call
                 * @param _gas      Amount of gas to pass to the call
                 * @param _value    Amount of value to pass to the call
                 * @param _calldata Calldata to pass to the call
                 */
                function call(
                    address _target,
                    uint256 _gas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        _success := call(
                            _gas, // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0, // outloc
                            0 // outlen
                        )
                    }
                    return _success;
                }
                /**
                 * @notice Perform a low level call without copying any returndata. This function
                 *         will revert if the call cannot be performed with the specified minimum
                 *         gas.
                 *
                 * @param _target   Address to call
                 * @param _minGas   The minimum amount of gas that may be passed to the call
                 * @param _value    Amount of value to pass to the call
                 * @param _calldata Calldata to pass to the call
                 */
                function callWithMinGas(
                    address _target,
                    uint256 _minGas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        // Assertion: gasleft() >= ((_minGas + 200) * 64) / 63
                        //
                        // Because EIP-150 ensures that, a maximum of 63/64ths of the remaining gas in the call
                        // frame may be passed to a subcontext, we need to ensure that the gas will not be
                        // truncated to hold this function's invariant: "If a call is performed by
                        // `callWithMinGas`, it must receive at least the specified minimum gas limit." In
                        // addition, exactly 51 gas is consumed between the below `GAS` opcode and the `CALL`
                        // opcode, so it is factored in with some extra room for error.
                        if lt(gas(), div(mul(64, add(_minGas, 200)), 63)) {
                            // Store the "Error(string)" selector in scratch space.
                            mstore(0, 0x08c379a0)
                            // Store the pointer to the string length in scratch space.
                            mstore(32, 32)
                            // Store the string.
                            //
                            // SAFETY:
                            // - We pad the beginning of the string with two zero bytes as well as the
                            // length (24) to ensure that we override the free memory pointer at offset
                            // 0x40. This is necessary because the free memory pointer is likely to
                            // be greater than 1 byte when this function is called, but it is incredibly
                            // unlikely that it will be greater than 3 bytes. As for the data within
                            // 0x60, it is ensured that it is 0 due to 0x60 being the zero offset.
                            // - It's fine to clobber the free memory pointer, we're reverting.
                            mstore(88, 0x0000185361666543616c6c3a204e6f7420656e6f75676820676173)
                            // Revert with 'Error("SafeCall: Not enough gas")'
                            revert(28, 100)
                        }
                        // The call will be supplied at least (((_minGas + 200) * 64) / 63) - 49 gas due to the
                        // above assertion. This ensures that, in all circumstances, the call will
                        // receive at least the minimum amount of gas specified.
                        // We can prove this property by solving the inequalities:
                        // ((((_minGas + 200) * 64) / 63) - 49) >= _minGas
                        // ((((_minGas + 200) * 64) / 63) - 51) * (63 / 64) >= _minGas
                        // Both inequalities hold true for all possible values of `_minGas`.
                        _success := call(
                            gas(), // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0x00, // outloc
                            0x00 // outlen
                        )
                    }
                    return _success;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @title Types
             * @notice Contains various types used throughout the Optimism contract system.
             */
            library Types {
                /**
                 * @notice OutputProposal represents a commitment to the L2 state. The timestamp is the L1
                 *         timestamp that the output root is posted. This timestamp is used to verify that the
                 *         finalization period has passed since the output root was submitted.
                 *
                 * @custom:field outputRoot    Hash of the L2 output.
                 * @custom:field timestamp     Timestamp of the L1 block that the output root was submitted in.
                 * @custom:field l2BlockNumber L2 block number that the output corresponds to.
                 */
                struct OutputProposal {
                    bytes32 outputRoot;
                    uint128 timestamp;
                    uint128 l2BlockNumber;
                }
                /**
                 * @notice Struct representing the elements that are hashed together to generate an output root
                 *         which itself represents a snapshot of the L2 state.
                 *
                 * @custom:field version                  Version of the output root.
                 * @custom:field stateRoot                Root of the state trie at the block of this output.
                 * @custom:field messagePasserStorageRoot Root of the message passer storage trie.
                 * @custom:field latestBlockhash          Hash of the block this output was generated from.
                 */
                struct OutputRootProof {
                    bytes32 version;
                    bytes32 stateRoot;
                    bytes32 messagePasserStorageRoot;
                    bytes32 latestBlockhash;
                }
                /**
                 * @notice Struct representing a deposit transaction (L1 => L2 transaction) created by an end
                 *         user (as opposed to a system deposit transaction generated by the system).
                 *
                 * @custom:field from        Address of the sender of the transaction.
                 * @custom:field to          Address of the recipient of the transaction.
                 * @custom:field isCreation  True if the transaction is a contract creation.
                 * @custom:field value       Value to send to the recipient.
                 * @custom:field mint        Amount of ETH to mint.
                 * @custom:field gasLimit    Gas limit of the transaction.
                 * @custom:field data        Data of the transaction.
                 * @custom:field l1BlockHash Hash of the block the transaction was submitted in.
                 * @custom:field logIndex    Index of the log in the block the transaction was submitted in.
                 */
                struct UserDepositTransaction {
                    address from;
                    address to;
                    bool isCreation;
                    uint256 value;
                    uint256 mint;
                    uint64 gasLimit;
                    bytes data;
                    bytes32 l1BlockHash;
                    uint256 logIndex;
                }
                /**
                 * @notice Struct representing a withdrawal transaction.
                 *
                 * @custom:field nonce    Nonce of the withdrawal transaction
                 * @custom:field sender   Address of the sender of the transaction.
                 * @custom:field target   Address of the recipient of the transaction.
                 * @custom:field value    Value to send to the recipient.
                 * @custom:field gasLimit Gas limit of the transaction.
                 * @custom:field data     Data of the transaction.
                 */
                struct WithdrawalTransaction {
                    uint256 nonce;
                    address sender;
                    address target;
                    uint256 value;
                    uint256 gasLimit;
                    bytes data;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @custom:attribution https://github.com/bakaoh/solidity-rlp-encode
             * @title RLPWriter
             * @author RLPWriter is a library for encoding Solidity types to RLP bytes. Adapted from Bakaoh's
             *         RLPEncode library (https://github.com/bakaoh/solidity-rlp-encode) with minor
             *         modifications to improve legibility.
             */
            library RLPWriter {
                /**
                 * @notice RLP encodes a byte string.
                 *
                 * @param _in The byte string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeBytes(bytes memory _in) internal pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_in.length == 1 && uint8(_in[0]) < 128) {
                        encoded = _in;
                    } else {
                        encoded = abi.encodePacked(_writeLength(_in.length, 128), _in);
                    }
                    return encoded;
                }
                /**
                 * @notice RLP encodes a list of RLP encoded byte byte strings.
                 *
                 * @param _in The list of RLP encoded byte strings.
                 *
                 * @return The RLP encoded list of items in bytes.
                 */
                function writeList(bytes[] memory _in) internal pure returns (bytes memory) {
                    bytes memory list = _flatten(_in);
                    return abi.encodePacked(_writeLength(list.length, 192), list);
                }
                /**
                 * @notice RLP encodes a string.
                 *
                 * @param _in The string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeString(string memory _in) internal pure returns (bytes memory) {
                    return writeBytes(bytes(_in));
                }
                /**
                 * @notice RLP encodes an address.
                 *
                 * @param _in The address to encode.
                 *
                 * @return The RLP encoded address in bytes.
                 */
                function writeAddress(address _in) internal pure returns (bytes memory) {
                    return writeBytes(abi.encodePacked(_in));
                }
                /**
                 * @notice RLP encodes a uint.
                 *
                 * @param _in The uint256 to encode.
                 *
                 * @return The RLP encoded uint256 in bytes.
                 */
                function writeUint(uint256 _in) internal pure returns (bytes memory) {
                    return writeBytes(_toBinary(_in));
                }
                /**
                 * @notice RLP encodes a bool.
                 *
                 * @param _in The bool to encode.
                 *
                 * @return The RLP encoded bool in bytes.
                 */
                function writeBool(bool _in) internal pure returns (bytes memory) {
                    bytes memory encoded = new bytes(1);
                    encoded[0] = (_in ? bytes1(0x01) : bytes1(0x80));
                    return encoded;
                }
                /**
                 * @notice Encode the first byte and then the `len` in binary form if `length` is more than 55.
                 *
                 * @param _len    The length of the string or the payload.
                 * @param _offset 128 if item is string, 192 if item is list.
                 *
                 * @return RLP encoded bytes.
                 */
                function _writeLength(uint256 _len, uint256 _offset) private pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_len < 56) {
                        encoded = new bytes(1);
                        encoded[0] = bytes1(uint8(_len) + uint8(_offset));
                    } else {
                        uint256 lenLen;
                        uint256 i = 1;
                        while (_len / i != 0) {
                            lenLen++;
                            i *= 256;
                        }
                        encoded = new bytes(lenLen + 1);
                        encoded[0] = bytes1(uint8(lenLen) + uint8(_offset) + 55);
                        for (i = 1; i <= lenLen; i++) {
                            encoded[i] = bytes1(uint8((_len / (256**(lenLen - i))) % 256));
                        }
                    }
                    return encoded;
                }
                /**
                 * @notice Encode integer in big endian binary form with no leading zeroes.
                 *
                 * @param _x The integer to encode.
                 *
                 * @return RLP encoded bytes.
                 */
                function _toBinary(uint256 _x) private pure returns (bytes memory) {
                    bytes memory b = abi.encodePacked(_x);
                    uint256 i = 0;
                    for (; i < 32; i++) {
                        if (b[i] != 0) {
                            break;
                        }
                    }
                    bytes memory res = new bytes(32 - i);
                    for (uint256 j = 0; j < res.length; j++) {
                        res[j] = b[i++];
                    }
                    return res;
                }
                /**
                 * @custom:attribution https://github.com/Arachnid/solidity-stringutils
                 * @notice Copies a piece of memory to another location.
                 *
                 * @param _dest Destination location.
                 * @param _src  Source location.
                 * @param _len  Length of memory to copy.
                 */
                function _memcpy(
                    uint256 _dest,
                    uint256 _src,
                    uint256 _len
                ) private pure {
                    uint256 dest = _dest;
                    uint256 src = _src;
                    uint256 len = _len;
                    for (; len >= 32; len -= 32) {
                        assembly {
                            mstore(dest, mload(src))
                        }
                        dest += 32;
                        src += 32;
                    }
                    uint256 mask;
                    unchecked {
                        mask = 256**(32 - len) - 1;
                    }
                    assembly {
                        let srcpart := and(mload(src), not(mask))
                        let destpart := and(mload(dest), mask)
                        mstore(dest, or(destpart, srcpart))
                    }
                }
                /**
                 * @custom:attribution https://github.com/sammayo/solidity-rlp-encoder
                 * @notice Flattens a list of byte strings into one byte string.
                 *
                 * @param _list List of byte strings to flatten.
                 *
                 * @return The flattened byte string.
                 */
                function _flatten(bytes[] memory _list) private pure returns (bytes memory) {
                    if (_list.length == 0) {
                        return new bytes(0);
                    }
                    uint256 len;
                    uint256 i = 0;
                    for (; i < _list.length; i++) {
                        len += _list[i].length;
                    }
                    bytes memory flattened = new bytes(len);
                    uint256 flattenedPtr;
                    assembly {
                        flattenedPtr := add(flattened, 0x20)
                    }
                    for (i = 0; i < _list.length; i++) {
                        bytes memory item = _list[i];
                        uint256 listPtr;
                        assembly {
                            listPtr := add(item, 0x20)
                        }
                        _memcpy(flattenedPtr, listPtr, item.length);
                        flattenedPtr += _list[i].length;
                    }
                    return flattened;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
            import { SafeCall } from "../libraries/SafeCall.sol";
            import { Hashing } from "../libraries/Hashing.sol";
            import { Encoding } from "../libraries/Encoding.sol";
            import { Constants } from "../libraries/Constants.sol";
            /**
             * @custom:legacy
             * @title CrossDomainMessengerLegacySpacer0
             * @notice Contract only exists to add a spacer to the CrossDomainMessenger where the
             *         libAddressManager variable used to exist. Must be the first contract in the inheritance
             *         tree of the CrossDomainMessenger.
             */
            contract CrossDomainMessengerLegacySpacer0 {
                /**
                 * @custom:legacy
                 * @custom:spacer libAddressManager
                 * @notice Spacer for backwards compatibility.
                 */
                address private spacer_0_0_20;
            }
            /**
             * @custom:legacy
             * @title CrossDomainMessengerLegacySpacer1
             * @notice Contract only exists to add a spacer to the CrossDomainMessenger where the
             *         PausableUpgradable and OwnableUpgradeable variables used to exist. Must be
             *         the third contract in the inheritance tree of the CrossDomainMessenger.
             */
            contract CrossDomainMessengerLegacySpacer1 {
                /**
                 * @custom:legacy
                 * @custom:spacer __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         ContextUpgradable via OwnableUpgradeable.
                 *
                 */
                uint256[50] private spacer_1_0_1600;
                /**
                 * @custom:legacy
                 * @custom:spacer _owner
                 * @notice Spacer for backwards compatibility.
                 *         Come from OpenZeppelin OwnableUpgradeable.
                 */
                address private spacer_51_0_20;
                /**
                 * @custom:legacy
                 * @custom:spacer __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         ContextUpgradable via PausableUpgradable.
                 */
                uint256[49] private spacer_52_0_1568;
                /**
                 * @custom:legacy
                 * @custom:spacer _paused
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         PausableUpgradable.
                 */
                bool private spacer_101_0_1;
                /**
                 * @custom:legacy
                 * @custom:spacer __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         PausableUpgradable.
                 */
                uint256[49] private spacer_102_0_1568;
                /**
                 * @custom:legacy
                 * @custom:spacer ReentrancyGuardUpgradeable's `_status` field.
                 * @notice Spacer for backwards compatibility
                 */
                uint256 private spacer_151_0_32;
                /**
                 * @custom:spacer ReentrancyGuardUpgradeable
                 * @notice Spacer for backwards compatibility
                 */
                uint256[49] private __gap_reentrancy_guard;
                /**
                 * @custom:legacy
                 * @custom:spacer blockedMessages
                 * @notice Spacer for backwards compatibility.
                 */
                mapping(bytes32 => bool) private spacer_201_0_32;
                /**
                 * @custom:legacy
                 * @custom:spacer relayedMessages
                 * @notice Spacer for backwards compatibility.
                 */
                mapping(bytes32 => bool) private spacer_202_0_32;
            }
            /**
             * @custom:upgradeable
             * @title CrossDomainMessenger
             * @notice CrossDomainMessenger is a base contract that provides the core logic for the L1 and L2
             *         cross-chain messenger contracts. It's designed to be a universal interface that only
             *         needs to be extended slightly to provide low-level message passing functionality on each
             *         chain it's deployed on. Currently only designed for message passing between two paired
             *         chains and does not support one-to-many interactions.
             *
             *         Any changes to this contract MUST result in a semver bump for contracts that inherit it.
             */
            abstract contract CrossDomainMessenger is
                CrossDomainMessengerLegacySpacer0,
                Initializable,
                CrossDomainMessengerLegacySpacer1
            {
                /**
                 * @notice Current message version identifier.
                 */
                uint16 public constant MESSAGE_VERSION = 1;
                /**
                 * @notice Constant overhead added to the base gas for a message.
                 */
                uint64 public constant MIN_GAS_CONSTANT_OVERHEAD = 200_000;
                /**
                 * @notice Numerator for dynamic overhead added to the base gas for a message.
                 */
                uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR = 1016;
                /**
                 * @notice Denominator for dynamic overhead added to the base gas for a message.
                 */
                uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR = 1000;
                /**
                 * @notice Extra gas added to base gas for each byte of calldata in a message.
                 */
                uint64 public constant MIN_GAS_CALLDATA_OVERHEAD = 16;
                /**
                 * @notice Address of the paired CrossDomainMessenger contract on the other chain.
                 */
                address public immutable OTHER_MESSENGER;
                /**
                 * @notice Mapping of message hashes to boolean receipt values. Note that a message will only
                 *         be present in this mapping if it has successfully been relayed on this chain, and
                 *         can therefore not be relayed again.
                 */
                mapping(bytes32 => bool) public successfulMessages;
                /**
                 * @notice Address of the sender of the currently executing message on the other chain. If the
                 *         value of this variable is the default value (0x00000000...dead) then no message is
                 *         currently being executed. Use the xDomainMessageSender getter which will throw an
                 *         error if this is the case.
                 */
                address internal xDomainMsgSender;
                /**
                 * @notice Nonce for the next message to be sent, without the message version applied. Use the
                 *         messageNonce getter which will insert the message version into the nonce to give you
                 *         the actual nonce to be used for the message.
                 */
                uint240 internal msgNonce;
                /**
                 * @notice Mapping of message hashes to a boolean if and only if the message has failed to be
                 *         executed at least once. A message will not be present in this mapping if it
                 *         successfully executed on the first attempt.
                 */
                mapping(bytes32 => bool) public failedMessages;
                /**
                 * @notice A mapping of hashes to reentrancy locks.
                 */
                mapping(bytes32 => bool) internal reentrancyLocks;
                /**
                 * @notice Reserve extra slots in the storage layout for future upgrades.
                 *         A gap size of 41 was chosen here, so that the first slot used in a child contract
                 *         would be a multiple of 50.
                 */
                uint256[41] private __gap;
                /**
                 * @notice Emitted whenever a message is sent to the other chain.
                 *
                 * @param target       Address of the recipient of the message.
                 * @param sender       Address of the sender of the message.
                 * @param message      Message to trigger the recipient address with.
                 * @param messageNonce Unique nonce attached to the message.
                 * @param gasLimit     Minimum gas limit that the message can be executed with.
                 */
                event SentMessage(
                    address indexed target,
                    address sender,
                    bytes message,
                    uint256 messageNonce,
                    uint256 gasLimit
                );
                /**
                 * @notice Additional event data to emit, required as of Bedrock. Cannot be merged with the
                 *         SentMessage event without breaking the ABI of this contract, this is good enough.
                 *
                 * @param sender Address of the sender of the message.
                 * @param value  ETH value sent along with the message to the recipient.
                 */
                event SentMessageExtension1(address indexed sender, uint256 value);
                /**
                 * @notice Emitted whenever a message is successfully relayed on this chain.
                 *
                 * @param msgHash Hash of the message that was relayed.
                 */
                event RelayedMessage(bytes32 indexed msgHash);
                /**
                 * @notice Emitted whenever a message fails to be relayed on this chain.
                 *
                 * @param msgHash Hash of the message that failed to be relayed.
                 */
                event FailedRelayedMessage(bytes32 indexed msgHash);
                /**
                 * @param _otherMessenger Address of the messenger on the paired chain.
                 */
                constructor(address _otherMessenger) {
                    OTHER_MESSENGER = _otherMessenger;
                }
                /**
                 * @notice Sends a message to some target address on the other chain. Note that if the call
                 *         always reverts, then the message will be unrelayable, and any ETH sent will be
                 *         permanently locked. The same will occur if the target on the other chain is
                 *         considered unsafe (see the _isUnsafeTarget() function).
                 *
                 * @param _target      Target contract or wallet address.
                 * @param _message     Message to trigger the target address with.
                 * @param _minGasLimit Minimum gas limit that the message can be executed with.
                 */
                function sendMessage(
                    address _target,
                    bytes calldata _message,
                    uint32 _minGasLimit
                ) external payable {
                    // Triggers a message to the other messenger. Note that the amount of gas provided to the
                    // message is the amount of gas requested by the user PLUS the base gas value. We want to
                    // guarantee the property that the call to the target contract will always have at least
                    // the minimum gas limit specified by the user.
                    _sendMessage(
                        OTHER_MESSENGER,
                        baseGas(_message, _minGasLimit),
                        msg.value,
                        abi.encodeWithSelector(
                            this.relayMessage.selector,
                            messageNonce(),
                            msg.sender,
                            _target,
                            msg.value,
                            _minGasLimit,
                            _message
                        )
                    );
                    emit SentMessage(_target, msg.sender, _message, messageNonce(), _minGasLimit);
                    emit SentMessageExtension1(msg.sender, msg.value);
                    unchecked {
                        ++msgNonce;
                    }
                }
                /**
                 * @notice Relays a message that was sent by the other CrossDomainMessenger contract. Can only
                 *         be executed via cross-chain call from the other messenger OR if the message was
                 *         already received once and is currently being replayed.
                 *
                 * @param _nonce       Nonce of the message being relayed.
                 * @param _sender      Address of the user who sent the message.
                 * @param _target      Address that the message is targeted at.
                 * @param _value       ETH value to send with the message.
                 * @param _minGasLimit Minimum amount of gas that the message can be executed with.
                 * @param _message     Message to send to the target.
                 */
                function relayMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _minGasLimit,
                    bytes calldata _message
                ) external payable {
                    (, uint16 version) = Encoding.decodeVersionedNonce(_nonce);
                    require(
                        version < 2,
                        "CrossDomainMessenger: only version 0 or 1 messages are supported at this time"
                    );
                    // If the message is version 0, then it's a migrated legacy withdrawal. We therefore need
                    // to check that the legacy version of the message has not already been relayed.
                    if (version == 0) {
                        bytes32 oldHash = Hashing.hashCrossDomainMessageV0(_target, _sender, _message, _nonce);
                        require(
                            successfulMessages[oldHash] == false,
                            "CrossDomainMessenger: legacy withdrawal already relayed"
                        );
                    }
                    // We use the v1 message hash as the unique identifier for the message because it commits
                    // to the value and minimum gas limit of the message.
                    bytes32 versionedHash = Hashing.hashCrossDomainMessageV1(
                        _nonce,
                        _sender,
                        _target,
                        _value,
                        _minGasLimit,
                        _message
                    );
                    // Check if the reentrancy lock for the `versionedHash` is already set.
                    if (reentrancyLocks[versionedHash]) {
                        revert("ReentrancyGuard: reentrant call");
                    }
                    // Trigger the reentrancy lock for `versionedHash`
                    reentrancyLocks[versionedHash] = true;
                    if (_isOtherMessenger()) {
                        // These properties should always hold when the message is first submitted (as
                        // opposed to being replayed).
                        assert(msg.value == _value);
                        assert(!failedMessages[versionedHash]);
                    } else {
                        require(
                            msg.value == 0,
                            "CrossDomainMessenger: value must be zero unless message is from a system address"
                        );
                        require(
                            failedMessages[versionedHash],
                            "CrossDomainMessenger: message cannot be replayed"
                        );
                    }
                    require(
                        _isUnsafeTarget(_target) == false,
                        "CrossDomainMessenger: cannot send message to blocked system address"
                    );
                    require(
                        successfulMessages[versionedHash] == false,
                        "CrossDomainMessenger: message has already been relayed"
                    );
                    xDomainMsgSender = _sender;
                    bool success = SafeCall.callWithMinGas(_target, _minGasLimit, _value, _message);
                    xDomainMsgSender = Constants.DEFAULT_L2_SENDER;
                    if (success) {
                        successfulMessages[versionedHash] = true;
                        emit RelayedMessage(versionedHash);
                    } else {
                        failedMessages[versionedHash] = true;
                        emit FailedRelayedMessage(versionedHash);
                        // Revert in this case if the transaction was triggered by the estimation address. This
                        // should only be possible during gas estimation or we have bigger problems. Reverting
                        // here will make the behavior of gas estimation change such that the gas limit
                        // computed will be the amount required to relay the message, even if that amount is
                        // greater than the minimum gas limit specified by the user.
                        if (tx.origin == Constants.ESTIMATION_ADDRESS) {
                            revert("CrossDomainMessenger: failed to relay message");
                        }
                    }
                    // Clear the reentrancy lock for `versionedHash`
                    reentrancyLocks[versionedHash] = false;
                }
                /**
                 * @notice Retrieves the address of the contract or wallet that initiated the currently
                 *         executing message on the other chain. Will throw an error if there is no message
                 *         currently being executed. Allows the recipient of a call to see who triggered it.
                 *
                 * @return Address of the sender of the currently executing message on the other chain.
                 */
                function xDomainMessageSender() external view returns (address) {
                    require(
                        xDomainMsgSender != Constants.DEFAULT_L2_SENDER,
                        "CrossDomainMessenger: xDomainMessageSender is not set"
                    );
                    return xDomainMsgSender;
                }
                /**
                 * @notice Retrieves the next message nonce. Message version will be added to the upper two
                 *         bytes of the message nonce. Message version allows us to treat messages as having
                 *         different structures.
                 *
                 * @return Nonce of the next message to be sent, with added message version.
                 */
                function messageNonce() public view returns (uint256) {
                    return Encoding.encodeVersionedNonce(msgNonce, MESSAGE_VERSION);
                }
                /**
                 * @notice Computes the amount of gas required to guarantee that a given message will be
                 *         received on the other chain without running out of gas. Guaranteeing that a message
                 *         will not run out of gas is important because this ensures that a message can always
                 *         be replayed on the other chain if it fails to execute completely.
                 *
                 * @param _message     Message to compute the amount of required gas for.
                 * @param _minGasLimit Minimum desired gas limit when message goes to target.
                 *
                 * @return Amount of gas required to guarantee message receipt.
                 */
                function baseGas(bytes calldata _message, uint32 _minGasLimit) public pure returns (uint64) {
                    // We peform the following math on uint64s to avoid overflow errors. Multiplying the
                    // by MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR would otherwise limit the _minGasLimit to
                    // type(uint32).max / MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR ~= 4.2m.
                    return
                        // Dynamic overhead
                        ((uint64(_minGasLimit) * MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR) /
                            MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR) +
                        // Calldata overhead
                        (uint64(_message.length) * MIN_GAS_CALLDATA_OVERHEAD) +
                        // Constant overhead
                        MIN_GAS_CONSTANT_OVERHEAD;
                }
                /**
                 * @notice Intializer.
                 */
                // solhint-disable-next-line func-name-mixedcase
                function __CrossDomainMessenger_init() internal onlyInitializing {
                    xDomainMsgSender = Constants.DEFAULT_L2_SENDER;
                }
                /**
                 * @notice Sends a low-level message to the other messenger. Needs to be implemented by child
                 *         contracts because the logic for this depends on the network where the messenger is
                 *         being deployed.
                 *
                 * @param _to       Recipient of the message on the other chain.
                 * @param _gasLimit Minimum gas limit the message can be executed with.
                 * @param _value    Amount of ETH to send with the message.
                 * @param _data     Message data.
                 */
                function _sendMessage(
                    address _to,
                    uint64 _gasLimit,
                    uint256 _value,
                    bytes memory _data
                ) internal virtual;
                /**
                 * @notice Checks whether the message is coming from the other messenger. Implemented by child
                 *         contracts because the logic for this depends on the network where the messenger is
                 *         being deployed.
                 *
                 * @return Whether the message is coming from the other messenger.
                 */
                function _isOtherMessenger() internal view virtual returns (bool);
                /**
                 * @notice Checks whether a given call target is a system address that could cause the
                 *         messenger to peform an unsafe action. This is NOT a mechanism for blocking user
                 *         addresses. This is ONLY used to prevent the execution of messages to specific
                 *         system addresses that could cause security issues, e.g., having the
                 *         CrossDomainMessenger send messages to itself.
                 *
                 * @param _target Address of the contract to check.
                 *
                 * @return Whether or not the address is an unsafe system address.
                 */
                function _isUnsafeTarget(address _target) internal view virtual returns (bool);
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
            /**
             * @title IOptimismMintableERC20
             * @notice This interface is available on the OptimismMintableERC20 contract. We declare it as a
             *         separate interface so that it can be used in custom implementations of
             *         OptimismMintableERC20.
             */
            interface IOptimismMintableERC20 is IERC165 {
                function remoteToken() external view returns (address);
                function bridge() external returns (address);
                function mint(address _to, uint256 _amount) external;
                function burn(address _from, uint256 _amount) external;
            }
            /**
             * @custom:legacy
             * @title ILegacyMintableERC20
             * @notice This interface was available on the legacy L2StandardERC20 contract. It remains available
             *         on the OptimismMintableERC20 contract for backwards compatibility.
             */
            interface ILegacyMintableERC20 is IERC165 {
                function l1Token() external view returns (address);
                function mint(address _to, uint256 _amount) external;
                function burn(address _from, uint256 _amount) external;
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { ERC20 } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
            import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
            import { ILegacyMintableERC20, IOptimismMintableERC20 } from "./IOptimismMintableERC20.sol";
            import { Semver } from "../universal/Semver.sol";
            /**
             * @title OptimismMintableERC20
             * @notice OptimismMintableERC20 is a standard extension of the base ERC20 token contract designed
             *         to allow the StandardBridge contracts to mint and burn tokens. This makes it possible to
             *         use an OptimismMintablERC20 as the L2 representation of an L1 token, or vice-versa.
             *         Designed to be backwards compatible with the older StandardL2ERC20 token which was only
             *         meant for use on L2.
             */
            contract OptimismMintableERC20 is IOptimismMintableERC20, ILegacyMintableERC20, ERC20, Semver {
                /**
                 * @notice Address of the corresponding version of this token on the remote chain.
                 */
                address public immutable REMOTE_TOKEN;
                /**
                 * @notice Address of the StandardBridge on this network.
                 */
                address public immutable BRIDGE;
                /**
                 * @notice Emitted whenever tokens are minted for an account.
                 *
                 * @param account Address of the account tokens are being minted for.
                 * @param amount  Amount of tokens minted.
                 */
                event Mint(address indexed account, uint256 amount);
                /**
                 * @notice Emitted whenever tokens are burned from an account.
                 *
                 * @param account Address of the account tokens are being burned from.
                 * @param amount  Amount of tokens burned.
                 */
                event Burn(address indexed account, uint256 amount);
                /**
                 * @notice A modifier that only allows the bridge to call
                 */
                modifier onlyBridge() {
                    require(msg.sender == BRIDGE, "OptimismMintableERC20: only bridge can mint and burn");
                    _;
                }
                /**
                 * @custom:semver 1.0.0
                 *
                 * @param _bridge      Address of the L2 standard bridge.
                 * @param _remoteToken Address of the corresponding L1 token.
                 * @param _name        ERC20 name.
                 * @param _symbol      ERC20 symbol.
                 */
                constructor(
                    address _bridge,
                    address _remoteToken,
                    string memory _name,
                    string memory _symbol
                ) ERC20(_name, _symbol) Semver(1, 0, 0) {
                    REMOTE_TOKEN = _remoteToken;
                    BRIDGE = _bridge;
                }
                /**
                 * @notice Allows the StandardBridge on this network to mint tokens.
                 *
                 * @param _to     Address to mint tokens to.
                 * @param _amount Amount of tokens to mint.
                 */
                function mint(address _to, uint256 _amount)
                    external
                    virtual
                    override(IOptimismMintableERC20, ILegacyMintableERC20)
                    onlyBridge
                {
                    _mint(_to, _amount);
                    emit Mint(_to, _amount);
                }
                /**
                 * @notice Allows the StandardBridge on this network to burn tokens.
                 *
                 * @param _from   Address to burn tokens from.
                 * @param _amount Amount of tokens to burn.
                 */
                function burn(address _from, uint256 _amount)
                    external
                    virtual
                    override(IOptimismMintableERC20, ILegacyMintableERC20)
                    onlyBridge
                {
                    _burn(_from, _amount);
                    emit Burn(_from, _amount);
                }
                /**
                 * @notice ERC165 interface check function.
                 *
                 * @param _interfaceId Interface ID to check.
                 *
                 * @return Whether or not the interface is supported by this contract.
                 */
                function supportsInterface(bytes4 _interfaceId) external pure returns (bool) {
                    bytes4 iface1 = type(IERC165).interfaceId;
                    // Interface corresponding to the legacy L2StandardERC20.
                    bytes4 iface2 = type(ILegacyMintableERC20).interfaceId;
                    // Interface corresponding to the updated OptimismMintableERC20 (this contract).
                    bytes4 iface3 = type(IOptimismMintableERC20).interfaceId;
                    return _interfaceId == iface1 || _interfaceId == iface2 || _interfaceId == iface3;
                }
                /**
                 * @custom:legacy
                 * @notice Legacy getter for the remote token. Use REMOTE_TOKEN going forward.
                 */
                function l1Token() public view returns (address) {
                    return REMOTE_TOKEN;
                }
                /**
                 * @custom:legacy
                 * @notice Legacy getter for the bridge. Use BRIDGE going forward.
                 */
                function l2Bridge() public view returns (address) {
                    return BRIDGE;
                }
                /**
                 * @custom:legacy
                 * @notice Legacy getter for REMOTE_TOKEN.
                 */
                function remoteToken() public view returns (address) {
                    return REMOTE_TOKEN;
                }
                /**
                 * @custom:legacy
                 * @notice Legacy getter for BRIDGE.
                 */
                function bridge() public view returns (address) {
                    return BRIDGE;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
            /**
             * @title Semver
             * @notice Semver is a simple contract for managing contract versions.
             */
            contract Semver {
                /**
                 * @notice Contract version number (major).
                 */
                uint256 private immutable MAJOR_VERSION;
                /**
                 * @notice Contract version number (minor).
                 */
                uint256 private immutable MINOR_VERSION;
                /**
                 * @notice Contract version number (patch).
                 */
                uint256 private immutable PATCH_VERSION;
                /**
                 * @param _major Version number (major).
                 * @param _minor Version number (minor).
                 * @param _patch Version number (patch).
                 */
                constructor(
                    uint256 _major,
                    uint256 _minor,
                    uint256 _patch
                ) {
                    MAJOR_VERSION = _major;
                    MINOR_VERSION = _minor;
                    PATCH_VERSION = _patch;
                }
                /**
                 * @notice Returns the full semver contract version.
                 *
                 * @return Semver contract version as a string.
                 */
                function version() public view returns (string memory) {
                    return
                        string(
                            abi.encodePacked(
                                Strings.toString(MAJOR_VERSION),
                                ".",
                                Strings.toString(MINOR_VERSION),
                                ".",
                                Strings.toString(PATCH_VERSION)
                            )
                        );
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
            import { ERC165Checker } from "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
            import { Address } from "@openzeppelin/contracts/utils/Address.sol";
            import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
            import { SafeCall } from "../libraries/SafeCall.sol";
            import { IOptimismMintableERC20, ILegacyMintableERC20 } from "./IOptimismMintableERC20.sol";
            import { CrossDomainMessenger } from "./CrossDomainMessenger.sol";
            import { OptimismMintableERC20 } from "./OptimismMintableERC20.sol";
            /**
             * @custom:upgradeable
             * @title StandardBridge
             * @notice StandardBridge is a base contract for the L1 and L2 standard ERC20 bridges. It handles
             *         the core bridging logic, including escrowing tokens that are native to the local chain
             *         and minting/burning tokens that are native to the remote chain.
             */
            abstract contract StandardBridge {
                using SafeERC20 for IERC20;
                /**
                 * @notice The L2 gas limit set when eth is depoisited using the receive() function.
                 */
                uint32 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 200_000;
                /**
                 * @notice Messenger contract on this domain.
                 */
                CrossDomainMessenger public immutable MESSENGER;
                /**
                 * @notice Corresponding bridge on the other domain.
                 */
                StandardBridge public immutable OTHER_BRIDGE;
                /**
                 * @custom:legacy
                 * @custom:spacer messenger
                 * @notice Spacer for backwards compatibility.
                 */
                address private spacer_0_0_20;
                /**
                 * @custom:legacy
                 * @custom:spacer l2TokenBridge
                 * @notice Spacer for backwards compatibility.
                 */
                address private spacer_1_0_20;
                /**
                 * @notice Mapping that stores deposits for a given pair of local and remote tokens.
                 */
                mapping(address => mapping(address => uint256)) public deposits;
                /**
                 * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades.
                 *         A gap size of 47 was chosen here, so that the first slot used in a child contract
                 *         would be a multiple of 50.
                 */
                uint256[47] private __gap;
                /**
                 * @notice Emitted when an ETH bridge is initiated to the other chain.
                 *
                 * @param from      Address of the sender.
                 * @param to        Address of the receiver.
                 * @param amount    Amount of ETH sent.
                 * @param extraData Extra data sent with the transaction.
                 */
                event ETHBridgeInitiated(
                    address indexed from,
                    address indexed to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @notice Emitted when an ETH bridge is finalized on this chain.
                 *
                 * @param from      Address of the sender.
                 * @param to        Address of the receiver.
                 * @param amount    Amount of ETH sent.
                 * @param extraData Extra data sent with the transaction.
                 */
                event ETHBridgeFinalized(
                    address indexed from,
                    address indexed to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @notice Emitted when an ERC20 bridge is initiated to the other chain.
                 *
                 * @param localToken  Address of the ERC20 on this chain.
                 * @param remoteToken Address of the ERC20 on the remote chain.
                 * @param from        Address of the sender.
                 * @param to          Address of the receiver.
                 * @param amount      Amount of the ERC20 sent.
                 * @param extraData   Extra data sent with the transaction.
                 */
                event ERC20BridgeInitiated(
                    address indexed localToken,
                    address indexed remoteToken,
                    address indexed from,
                    address to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @notice Emitted when an ERC20 bridge is finalized on this chain.
                 *
                 * @param localToken  Address of the ERC20 on this chain.
                 * @param remoteToken Address of the ERC20 on the remote chain.
                 * @param from        Address of the sender.
                 * @param to          Address of the receiver.
                 * @param amount      Amount of the ERC20 sent.
                 * @param extraData   Extra data sent with the transaction.
                 */
                event ERC20BridgeFinalized(
                    address indexed localToken,
                    address indexed remoteToken,
                    address indexed from,
                    address to,
                    uint256 amount,
                    bytes extraData
                );
                /**
                 * @notice Only allow EOAs to call the functions. Note that this is not safe against contracts
                 *         calling code within their constructors, but also doesn't really matter since we're
                 *         just trying to prevent users accidentally depositing with smart contract wallets.
                 */
                modifier onlyEOA() {
                    require(
                        !Address.isContract(msg.sender),
                        "StandardBridge: function can only be called from an EOA"
                    );
                    _;
                }
                /**
                 * @notice Ensures that the caller is a cross-chain message from the other bridge.
                 */
                modifier onlyOtherBridge() {
                    require(
                        msg.sender == address(MESSENGER) &&
                            MESSENGER.xDomainMessageSender() == address(OTHER_BRIDGE),
                        "StandardBridge: function can only be called from the other bridge"
                    );
                    _;
                }
                /**
                 * @param _messenger   Address of CrossDomainMessenger on this network.
                 * @param _otherBridge Address of the other StandardBridge contract.
                 */
                constructor(address payable _messenger, address payable _otherBridge) {
                    MESSENGER = CrossDomainMessenger(_messenger);
                    OTHER_BRIDGE = StandardBridge(_otherBridge);
                }
                /**
                 * @notice Allows EOAs to bridge ETH by sending directly to the bridge.
                 *         Must be implemented by contracts that inherit.
                 */
                receive() external payable virtual;
                /**
                 * @custom:legacy
                 * @notice Legacy getter for messenger contract.
                 *
                 * @return Messenger contract on this domain.
                 */
                function messenger() external view returns (CrossDomainMessenger) {
                    return MESSENGER;
                }
                /**
                 * @notice Sends ETH to the sender's address on the other chain.
                 *
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function bridgeETH(uint32 _minGasLimit, bytes calldata _extraData) public payable onlyEOA {
                    _initiateBridgeETH(msg.sender, msg.sender, msg.value, _minGasLimit, _extraData);
                }
                /**
                 * @notice Sends ETH to a receiver's address on the other chain. Note that if ETH is sent to a
                 *         smart contract and the call fails, the ETH will be temporarily locked in the
                 *         StandardBridge on the other chain until the call is replayed. If the call cannot be
                 *         replayed with any amount of gas (call always reverts), then the ETH will be
                 *         permanently locked in the StandardBridge on the other chain. ETH will also
                 *         be locked if the receiver is the other bridge, because finalizeBridgeETH will revert
                 *         in that case.
                 *
                 * @param _to          Address of the receiver.
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function bridgeETHTo(
                    address _to,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) public payable {
                    _initiateBridgeETH(msg.sender, _to, msg.value, _minGasLimit, _extraData);
                }
                /**
                 * @notice Sends ERC20 tokens to the sender's address on the other chain. Note that if the
                 *         ERC20 token on the other chain does not recognize the local token as the correct
                 *         pair token, the ERC20 bridge will fail and the tokens will be returned to sender on
                 *         this chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the corresponding token on the remote chain.
                 * @param _amount      Amount of local tokens to deposit.
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function bridgeERC20(
                    address _localToken,
                    address _remoteToken,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) public virtual onlyEOA {
                    _initiateBridgeERC20(
                        _localToken,
                        _remoteToken,
                        msg.sender,
                        msg.sender,
                        _amount,
                        _minGasLimit,
                        _extraData
                    );
                }
                /**
                 * @notice Sends ERC20 tokens to a receiver's address on the other chain. Note that if the
                 *         ERC20 token on the other chain does not recognize the local token as the correct
                 *         pair token, the ERC20 bridge will fail and the tokens will be returned to sender on
                 *         this chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the corresponding token on the remote chain.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of local tokens to deposit.
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function bridgeERC20To(
                    address _localToken,
                    address _remoteToken,
                    address _to,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes calldata _extraData
                ) public virtual {
                    _initiateBridgeERC20(
                        _localToken,
                        _remoteToken,
                        msg.sender,
                        _to,
                        _amount,
                        _minGasLimit,
                        _extraData
                    );
                }
                /**
                 * @notice Finalizes an ETH bridge on this chain. Can only be triggered by the other
                 *         StandardBridge contract on the remote chain.
                 *
                 * @param _from      Address of the sender.
                 * @param _to        Address of the receiver.
                 * @param _amount    Amount of ETH being bridged.
                 * @param _extraData Extra data to be sent with the transaction. Note that the recipient will
                 *                   not be triggered with this data, but it will be emitted and can be used
                 *                   to identify the transaction.
                 */
                function finalizeBridgeETH(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes calldata _extraData
                ) public payable onlyOtherBridge {
                    require(msg.value == _amount, "StandardBridge: amount sent does not match amount required");
                    require(_to != address(this), "StandardBridge: cannot send to self");
                    require(_to != address(MESSENGER), "StandardBridge: cannot send to messenger");
                    // Emit the correct events. By default this will be _amount, but child
                    // contracts may override this function in order to emit legacy events as well.
                    _emitETHBridgeFinalized(_from, _to, _amount, _extraData);
                    bool success = SafeCall.call(_to, gasleft(), _amount, hex"");
                    require(success, "StandardBridge: ETH transfer failed");
                }
                /**
                 * @notice Finalizes an ERC20 bridge on this chain. Can only be triggered by the other
                 *         StandardBridge contract on the remote chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the corresponding token on the remote chain.
                 * @param _from        Address of the sender.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of the ERC20 being bridged.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function finalizeBridgeERC20(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes calldata _extraData
                ) public onlyOtherBridge {
                    if (_isOptimismMintableERC20(_localToken)) {
                        require(
                            _isCorrectTokenPair(_localToken, _remoteToken),
                            "StandardBridge: wrong remote token for Optimism Mintable ERC20 local token"
                        );
                        OptimismMintableERC20(_localToken).mint(_to, _amount);
                    } else {
                        deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] - _amount;
                        IERC20(_localToken).safeTransfer(_to, _amount);
                    }
                    // Emit the correct events. By default this will be ERC20BridgeFinalized, but child
                    // contracts may override this function in order to emit legacy events as well.
                    _emitERC20BridgeFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                }
                /**
                 * @notice Initiates a bridge of ETH through the CrossDomainMessenger.
                 *
                 * @param _from        Address of the sender.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of ETH being bridged.
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function _initiateBridgeETH(
                    address _from,
                    address _to,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes memory _extraData
                ) internal {
                    require(
                        msg.value == _amount,
                        "StandardBridge: bridging ETH must include sufficient ETH value"
                    );
                    // Emit the correct events. By default this will be _amount, but child
                    // contracts may override this function in order to emit legacy events as well.
                    _emitETHBridgeInitiated(_from, _to, _amount, _extraData);
                    MESSENGER.sendMessage{ value: _amount }(
                        address(OTHER_BRIDGE),
                        abi.encodeWithSelector(
                            this.finalizeBridgeETH.selector,
                            _from,
                            _to,
                            _amount,
                            _extraData
                        ),
                        _minGasLimit
                    );
                }
                /**
                 * @notice Sends ERC20 tokens to a receiver's address on the other chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the corresponding token on the remote chain.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of local tokens to deposit.
                 * @param _minGasLimit Minimum amount of gas that the bridge can be relayed with.
                 * @param _extraData   Extra data to be sent with the transaction. Note that the recipient will
                 *                     not be triggered with this data, but it will be emitted and can be used
                 *                     to identify the transaction.
                 */
                function _initiateBridgeERC20(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    uint32 _minGasLimit,
                    bytes memory _extraData
                ) internal {
                    if (_isOptimismMintableERC20(_localToken)) {
                        require(
                            _isCorrectTokenPair(_localToken, _remoteToken),
                            "StandardBridge: wrong remote token for Optimism Mintable ERC20 local token"
                        );
                        OptimismMintableERC20(_localToken).burn(_from, _amount);
                    } else {
                        IERC20(_localToken).safeTransferFrom(_from, address(this), _amount);
                        deposits[_localToken][_remoteToken] = deposits[_localToken][_remoteToken] + _amount;
                    }
                    // Emit the correct events. By default this will be ERC20BridgeInitiated, but child
                    // contracts may override this function in order to emit legacy events as well.
                    _emitERC20BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                    MESSENGER.sendMessage(
                        address(OTHER_BRIDGE),
                        abi.encodeWithSelector(
                            this.finalizeBridgeERC20.selector,
                            // Because this call will be executed on the remote chain, we reverse the order of
                            // the remote and local token addresses relative to their order in the
                            // finalizeBridgeERC20 function.
                            _remoteToken,
                            _localToken,
                            _from,
                            _to,
                            _amount,
                            _extraData
                        ),
                        _minGasLimit
                    );
                }
                /**
                 * @notice Checks if a given address is an OptimismMintableERC20. Not perfect, but good enough.
                 *         Just the way we like it.
                 *
                 * @param _token Address of the token to check.
                 *
                 * @return True if the token is an OptimismMintableERC20.
                 */
                function _isOptimismMintableERC20(address _token) internal view returns (bool) {
                    return
                        ERC165Checker.supportsInterface(_token, type(ILegacyMintableERC20).interfaceId) ||
                        ERC165Checker.supportsInterface(_token, type(IOptimismMintableERC20).interfaceId);
                }
                /**
                 * @notice Checks if the "other token" is the correct pair token for the OptimismMintableERC20.
                 *         Calls can be saved in the future by combining this logic with
                 *         `_isOptimismMintableERC20`.
                 *
                 * @param _mintableToken OptimismMintableERC20 to check against.
                 * @param _otherToken    Pair token to check.
                 *
                 * @return True if the other token is the correct pair token for the OptimismMintableERC20.
                 */
                function _isCorrectTokenPair(address _mintableToken, address _otherToken)
                    internal
                    view
                    returns (bool)
                {
                    if (
                        ERC165Checker.supportsInterface(_mintableToken, type(ILegacyMintableERC20).interfaceId)
                    ) {
                        return _otherToken == ILegacyMintableERC20(_mintableToken).l1Token();
                    } else {
                        return _otherToken == IOptimismMintableERC20(_mintableToken).remoteToken();
                    }
                }
                /** @notice Emits the ETHBridgeInitiated event and if necessary the appropriate legacy event
                 *          when an ETH bridge is finalized on this chain.
                 *
                 * @param _from      Address of the sender.
                 * @param _to        Address of the receiver.
                 * @param _amount    Amount of ETH sent.
                 * @param _extraData Extra data sent with the transaction.
                 */
                function _emitETHBridgeInitiated(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal virtual {
                    emit ETHBridgeInitiated(_from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the ETHBridgeFinalized and if necessary the appropriate legacy event when an
                 *         ETH bridge is finalized on this chain.
                 *
                 * @param _from      Address of the sender.
                 * @param _to        Address of the receiver.
                 * @param _amount    Amount of ETH sent.
                 * @param _extraData Extra data sent with the transaction.
                 */
                function _emitETHBridgeFinalized(
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal virtual {
                    emit ETHBridgeFinalized(_from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the ERC20BridgeInitiated event and if necessary the appropriate legacy
                 *         event when an ERC20 bridge is initiated to the other chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the ERC20 on the remote chain.
                 * @param _from        Address of the sender.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of the ERC20 sent.
                 * @param _extraData   Extra data sent with the transaction.
                 */
                function _emitERC20BridgeInitiated(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal virtual {
                    emit ERC20BridgeInitiated(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                }
                /**
                 * @notice Emits the ERC20BridgeFinalized event and if necessary the appropriate legacy
                 *         event when an ERC20 bridge is initiated to the other chain.
                 *
                 * @param _localToken  Address of the ERC20 on this chain.
                 * @param _remoteToken Address of the ERC20 on the remote chain.
                 * @param _from        Address of the sender.
                 * @param _to          Address of the receiver.
                 * @param _amount      Amount of the ERC20 sent.
                 * @param _extraData   Extra data sent with the transaction.
                 */
                function _emitERC20BridgeFinalized(
                    address _localToken,
                    address _remoteToken,
                    address _from,
                    address _to,
                    uint256 _amount,
                    bytes memory _extraData
                ) internal virtual {
                    emit ERC20BridgeFinalized(_localToken, _remoteToken, _from, _to, _amount, _extraData);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/Address.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC20/ERC20.sol)
            pragma solidity ^0.8.0;
            import "./IERC20.sol";
            import "./extensions/IERC20Metadata.sol";
            import "../../utils/Context.sol";
            /**
             * @dev Implementation of the {IERC20} interface.
             *
             * This implementation is agnostic to the way tokens are created. This means
             * that a supply mechanism has to be added in a derived contract using {_mint}.
             * For a generic mechanism see {ERC20PresetMinterPauser}.
             *
             * TIP: For a detailed writeup see our guide
             * https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226[How
             * to implement supply mechanisms].
             *
             * We have followed general OpenZeppelin Contracts guidelines: functions revert
             * instead returning `false` on failure. This behavior is nonetheless
             * conventional and does not conflict with the expectations of ERC20
             * applications.
             *
             * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
             * This allows applications to reconstruct the allowance for all accounts just
             * by listening to said events. Other implementations of the EIP may not emit
             * these events, as it isn't required by the specification.
             *
             * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
             * functions have been added to mitigate the well-known issues around setting
             * allowances. See {IERC20-approve}.
             */
            contract ERC20 is Context, IERC20, IERC20Metadata {
                mapping(address => uint256) private _balances;
                mapping(address => mapping(address => uint256)) private _allowances;
                uint256 private _totalSupply;
                string private _name;
                string private _symbol;
                /**
                 * @dev Sets the values for {name} and {symbol}.
                 *
                 * The default value of {decimals} is 18. To select a different value for
                 * {decimals} you should overload it.
                 *
                 * All two of these values are immutable: they can only be set once during
                 * construction.
                 */
                constructor(string memory name_, string memory symbol_) {
                    _name = name_;
                    _symbol = symbol_;
                }
                /**
                 * @dev Returns the name of the token.
                 */
                function name() public view virtual override returns (string memory) {
                    return _name;
                }
                /**
                 * @dev Returns the symbol of the token, usually a shorter version of the
                 * name.
                 */
                function symbol() public view virtual override returns (string memory) {
                    return _symbol;
                }
                /**
                 * @dev Returns the number of decimals used to get its user representation.
                 * For example, if `decimals` equals `2`, a balance of `505` tokens should
                 * be displayed to a user as `5.05` (`505 / 10 ** 2`).
                 *
                 * Tokens usually opt for a value of 18, imitating the relationship between
                 * Ether and Wei. This is the value {ERC20} uses, unless this function is
                 * overridden;
                 *
                 * NOTE: This information is only used for _display_ purposes: it in
                 * no way affects any of the arithmetic of the contract, including
                 * {IERC20-balanceOf} and {IERC20-transfer}.
                 */
                function decimals() public view virtual override returns (uint8) {
                    return 18;
                }
                /**
                 * @dev See {IERC20-totalSupply}.
                 */
                function totalSupply() public view virtual override returns (uint256) {
                    return _totalSupply;
                }
                /**
                 * @dev See {IERC20-balanceOf}.
                 */
                function balanceOf(address account) public view virtual override returns (uint256) {
                    return _balances[account];
                }
                /**
                 * @dev See {IERC20-transfer}.
                 *
                 * Requirements:
                 *
                 * - `to` cannot be the zero address.
                 * - the caller must have a balance of at least `amount`.
                 */
                function transfer(address to, uint256 amount) public virtual override returns (bool) {
                    address owner = _msgSender();
                    _transfer(owner, to, amount);
                    return true;
                }
                /**
                 * @dev See {IERC20-allowance}.
                 */
                function allowance(address owner, address spender) public view virtual override returns (uint256) {
                    return _allowances[owner][spender];
                }
                /**
                 * @dev See {IERC20-approve}.
                 *
                 * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
                 * `transferFrom`. This is semantically equivalent to an infinite approval.
                 *
                 * Requirements:
                 *
                 * - `spender` cannot be the zero address.
                 */
                function approve(address spender, uint256 amount) public virtual override returns (bool) {
                    address owner = _msgSender();
                    _approve(owner, spender, amount);
                    return true;
                }
                /**
                 * @dev See {IERC20-transferFrom}.
                 *
                 * Emits an {Approval} event indicating the updated allowance. This is not
                 * required by the EIP. See the note at the beginning of {ERC20}.
                 *
                 * NOTE: Does not update the allowance if the current allowance
                 * is the maximum `uint256`.
                 *
                 * Requirements:
                 *
                 * - `from` and `to` cannot be the zero address.
                 * - `from` must have a balance of at least `amount`.
                 * - the caller must have allowance for ``from``'s tokens of at least
                 * `amount`.
                 */
                function transferFrom(
                    address from,
                    address to,
                    uint256 amount
                ) public virtual override returns (bool) {
                    address spender = _msgSender();
                    _spendAllowance(from, spender, amount);
                    _transfer(from, to, amount);
                    return true;
                }
                /**
                 * @dev Atomically increases the allowance granted to `spender` by the caller.
                 *
                 * This is an alternative to {approve} that can be used as a mitigation for
                 * problems described in {IERC20-approve}.
                 *
                 * Emits an {Approval} event indicating the updated allowance.
                 *
                 * Requirements:
                 *
                 * - `spender` cannot be the zero address.
                 */
                function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
                    address owner = _msgSender();
                    _approve(owner, spender, allowance(owner, spender) + addedValue);
                    return true;
                }
                /**
                 * @dev Atomically decreases the allowance granted to `spender` by the caller.
                 *
                 * This is an alternative to {approve} that can be used as a mitigation for
                 * problems described in {IERC20-approve}.
                 *
                 * Emits an {Approval} event indicating the updated allowance.
                 *
                 * Requirements:
                 *
                 * - `spender` cannot be the zero address.
                 * - `spender` must have allowance for the caller of at least
                 * `subtractedValue`.
                 */
                function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
                    address owner = _msgSender();
                    uint256 currentAllowance = allowance(owner, spender);
                    require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
                    unchecked {
                        _approve(owner, spender, currentAllowance - subtractedValue);
                    }
                    return true;
                }
                /**
                 * @dev Moves `amount` of tokens from `from` to `to`.
                 *
                 * This internal function is equivalent to {transfer}, and can be used to
                 * e.g. implement automatic token fees, slashing mechanisms, etc.
                 *
                 * Emits a {Transfer} event.
                 *
                 * Requirements:
                 *
                 * - `from` cannot be the zero address.
                 * - `to` cannot be the zero address.
                 * - `from` must have a balance of at least `amount`.
                 */
                function _transfer(
                    address from,
                    address to,
                    uint256 amount
                ) internal virtual {
                    require(from != address(0), "ERC20: transfer from the zero address");
                    require(to != address(0), "ERC20: transfer to the zero address");
                    _beforeTokenTransfer(from, to, amount);
                    uint256 fromBalance = _balances[from];
                    require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
                    unchecked {
                        _balances[from] = fromBalance - amount;
                    }
                    _balances[to] += amount;
                    emit Transfer(from, to, amount);
                    _afterTokenTransfer(from, to, amount);
                }
                /** @dev Creates `amount` tokens and assigns them to `account`, increasing
                 * the total supply.
                 *
                 * Emits a {Transfer} event with `from` set to the zero address.
                 *
                 * Requirements:
                 *
                 * - `account` cannot be the zero address.
                 */
                function _mint(address account, uint256 amount) internal virtual {
                    require(account != address(0), "ERC20: mint to the zero address");
                    _beforeTokenTransfer(address(0), account, amount);
                    _totalSupply += amount;
                    _balances[account] += amount;
                    emit Transfer(address(0), account, amount);
                    _afterTokenTransfer(address(0), account, amount);
                }
                /**
                 * @dev Destroys `amount` tokens from `account`, reducing the
                 * total supply.
                 *
                 * Emits a {Transfer} event with `to` set to the zero address.
                 *
                 * Requirements:
                 *
                 * - `account` cannot be the zero address.
                 * - `account` must have at least `amount` tokens.
                 */
                function _burn(address account, uint256 amount) internal virtual {
                    require(account != address(0), "ERC20: burn from the zero address");
                    _beforeTokenTransfer(account, address(0), amount);
                    uint256 accountBalance = _balances[account];
                    require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
                    unchecked {
                        _balances[account] = accountBalance - amount;
                    }
                    _totalSupply -= amount;
                    emit Transfer(account, address(0), amount);
                    _afterTokenTransfer(account, address(0), amount);
                }
                /**
                 * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
                 *
                 * This internal function is equivalent to `approve`, and can be used to
                 * e.g. set automatic allowances for certain subsystems, etc.
                 *
                 * Emits an {Approval} event.
                 *
                 * Requirements:
                 *
                 * - `owner` cannot be the zero address.
                 * - `spender` cannot be the zero address.
                 */
                function _approve(
                    address owner,
                    address spender,
                    uint256 amount
                ) internal virtual {
                    require(owner != address(0), "ERC20: approve from the zero address");
                    require(spender != address(0), "ERC20: approve to the zero address");
                    _allowances[owner][spender] = amount;
                    emit Approval(owner, spender, amount);
                }
                /**
                 * @dev Updates `owner` s allowance for `spender` based on spent `amount`.
                 *
                 * Does not update the allowance amount in case of infinite allowance.
                 * Revert if not enough allowance is available.
                 *
                 * Might emit an {Approval} event.
                 */
                function _spendAllowance(
                    address owner,
                    address spender,
                    uint256 amount
                ) internal virtual {
                    uint256 currentAllowance = allowance(owner, spender);
                    if (currentAllowance != type(uint256).max) {
                        require(currentAllowance >= amount, "ERC20: insufficient allowance");
                        unchecked {
                            _approve(owner, spender, currentAllowance - amount);
                        }
                    }
                }
                /**
                 * @dev Hook that is called before any transfer of tokens. This includes
                 * minting and burning.
                 *
                 * Calling conditions:
                 *
                 * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
                 * will be transferred to `to`.
                 * - when `from` is zero, `amount` tokens will be minted for `to`.
                 * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
                 * - `from` and `to` are never both zero.
                 *
                 * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
                 */
                function _beforeTokenTransfer(
                    address from,
                    address to,
                    uint256 amount
                ) internal virtual {}
                /**
                 * @dev Hook that is called after any transfer of tokens. This includes
                 * minting and burning.
                 *
                 * Calling conditions:
                 *
                 * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
                 * has been transferred to `to`.
                 * - when `from` is zero, `amount` tokens have been minted for `to`.
                 * - when `to` is zero, `amount` of ``from``'s tokens have been burned.
                 * - `from` and `to` are never both zero.
                 *
                 * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
                 */
                function _afterTokenTransfer(
                    address from,
                    address to,
                    uint256 amount
                ) internal virtual {}
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Interface of the ERC20 standard as defined in the EIP.
             */
            interface IERC20 {
                /**
                 * @dev Emitted when `value` tokens are moved from one account (`from`) to
                 * another (`to`).
                 *
                 * Note that `value` may be zero.
                 */
                event Transfer(address indexed from, address indexed to, uint256 value);
                /**
                 * @dev Emitted when the allowance of a `spender` for an `owner` is set by
                 * a call to {approve}. `value` is the new allowance.
                 */
                event Approval(address indexed owner, address indexed spender, uint256 value);
                /**
                 * @dev Returns the amount of tokens in existence.
                 */
                function totalSupply() external view returns (uint256);
                /**
                 * @dev Returns the amount of tokens owned by `account`.
                 */
                function balanceOf(address account) external view returns (uint256);
                /**
                 * @dev Moves `amount` tokens from the caller's account to `to`.
                 *
                 * Returns a boolean value indicating whether the operation succeeded.
                 *
                 * Emits a {Transfer} event.
                 */
                function transfer(address to, uint256 amount) external returns (bool);
                /**
                 * @dev Returns the remaining number of tokens that `spender` will be
                 * allowed to spend on behalf of `owner` through {transferFrom}. This is
                 * zero by default.
                 *
                 * This value changes when {approve} or {transferFrom} are called.
                 */
                function allowance(address owner, address spender) external view returns (uint256);
                /**
                 * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
                 *
                 * Returns a boolean value indicating whether the operation succeeded.
                 *
                 * IMPORTANT: Beware that changing an allowance with this method brings the risk
                 * that someone may use both the old and the new allowance by unfortunate
                 * transaction ordering. One possible solution to mitigate this race
                 * condition is to first reduce the spender's allowance to 0 and set the
                 * desired value afterwards:
                 * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
                 *
                 * Emits an {Approval} event.
                 */
                function approve(address spender, uint256 amount) external returns (bool);
                /**
                 * @dev Moves `amount` tokens from `from` to `to` using the
                 * allowance mechanism. `amount` is then deducted from the caller's
                 * allowance.
                 *
                 * Returns a boolean value indicating whether the operation succeeded.
                 *
                 * Emits a {Transfer} event.
                 */
                function transferFrom(
                    address from,
                    address to,
                    uint256 amount
                ) external returns (bool);
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/IERC20Metadata.sol)
            pragma solidity ^0.8.0;
            import "../IERC20.sol";
            /**
             * @dev Interface for the optional metadata functions from the ERC20 standard.
             *
             * _Available since v4.1._
             */
            interface IERC20Metadata is IERC20 {
                /**
                 * @dev Returns the name of the token.
                 */
                function name() external view returns (string memory);
                /**
                 * @dev Returns the symbol of the token.
                 */
                function symbol() external view returns (string memory);
                /**
                 * @dev Returns the decimals places of the token.
                 */
                function decimals() external view returns (uint8);
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (token/ERC20/extensions/draft-IERC20Permit.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Interface of the ERC20 Permit extension allowing approvals to be made via signatures, as defined in
             * https://eips.ethereum.org/EIPS/eip-2612[EIP-2612].
             *
             * Adds the {permit} method, which can be used to change an account's ERC20 allowance (see {IERC20-allowance}) by
             * presenting a message signed by the account. By not relying on {IERC20-approve}, the token holder account doesn't
             * need to send a transaction, and thus is not required to hold Ether at all.
             */
            interface IERC20Permit {
                /**
                 * @dev Sets `value` as the allowance of `spender` over ``owner``'s tokens,
                 * given ``owner``'s signed approval.
                 *
                 * IMPORTANT: The same issues {IERC20-approve} has related to transaction
                 * ordering also apply here.
                 *
                 * Emits an {Approval} event.
                 *
                 * Requirements:
                 *
                 * - `spender` cannot be the zero address.
                 * - `deadline` must be a timestamp in the future.
                 * - `v`, `r` and `s` must be a valid `secp256k1` signature from `owner`
                 * over the EIP712-formatted function arguments.
                 * - the signature must use ``owner``'s current nonce (see {nonces}).
                 *
                 * For more information on the signature format, see the
                 * https://eips.ethereum.org/EIPS/eip-2612#specification[relevant EIP
                 * section].
                 */
                function permit(
                    address owner,
                    address spender,
                    uint256 value,
                    uint256 deadline,
                    uint8 v,
                    bytes32 r,
                    bytes32 s
                ) external;
                /**
                 * @dev Returns the current nonce for `owner`. This value must be
                 * included whenever a signature is generated for {permit}.
                 *
                 * Every successful call to {permit} increases ``owner``'s nonce by one. This
                 * prevents a signature from being used multiple times.
                 */
                function nonces(address owner) external view returns (uint256);
                /**
                 * @dev Returns the domain separator used in the encoding of the signature for {permit}, as defined by {EIP712}.
                 */
                // solhint-disable-next-line func-name-mixedcase
                function DOMAIN_SEPARATOR() external view returns (bytes32);
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (token/ERC20/utils/SafeERC20.sol)
            pragma solidity ^0.8.0;
            import "../IERC20.sol";
            import "../extensions/draft-IERC20Permit.sol";
            import "../../../utils/Address.sol";
            /**
             * @title SafeERC20
             * @dev Wrappers around ERC20 operations that throw on failure (when the token
             * contract returns false). Tokens that return no value (and instead revert or
             * throw on failure) are also supported, non-reverting calls are assumed to be
             * successful.
             * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
             * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
             */
            library SafeERC20 {
                using Address for address;
                function safeTransfer(
                    IERC20 token,
                    address to,
                    uint256 value
                ) internal {
                    _callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
                }
                function safeTransferFrom(
                    IERC20 token,
                    address from,
                    address to,
                    uint256 value
                ) internal {
                    _callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
                }
                /**
                 * @dev Deprecated. This function has issues similar to the ones found in
                 * {IERC20-approve}, and its usage is discouraged.
                 *
                 * Whenever possible, use {safeIncreaseAllowance} and
                 * {safeDecreaseAllowance} instead.
                 */
                function safeApprove(
                    IERC20 token,
                    address spender,
                    uint256 value
                ) internal {
                    // safeApprove should only be called when setting an initial allowance,
                    // or when resetting it to zero. To increase and decrease it, use
                    // 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
                    require(
                        (value == 0) || (token.allowance(address(this), spender) == 0),
                        "SafeERC20: approve from non-zero to non-zero allowance"
                    );
                    _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
                }
                function safeIncreaseAllowance(
                    IERC20 token,
                    address spender,
                    uint256 value
                ) internal {
                    uint256 newAllowance = token.allowance(address(this), spender) + value;
                    _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
                }
                function safeDecreaseAllowance(
                    IERC20 token,
                    address spender,
                    uint256 value
                ) internal {
                    unchecked {
                        uint256 oldAllowance = token.allowance(address(this), spender);
                        require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
                        uint256 newAllowance = oldAllowance - value;
                        _callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
                    }
                }
                function safePermit(
                    IERC20Permit token,
                    address owner,
                    address spender,
                    uint256 value,
                    uint256 deadline,
                    uint8 v,
                    bytes32 r,
                    bytes32 s
                ) internal {
                    uint256 nonceBefore = token.nonces(owner);
                    token.permit(owner, spender, value, deadline, v, r, s);
                    uint256 nonceAfter = token.nonces(owner);
                    require(nonceAfter == nonceBefore + 1, "SafeERC20: permit did not succeed");
                }
                /**
                 * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
                 * on the return value: the return value is optional (but if data is returned, it must not be false).
                 * @param token The token targeted by the call.
                 * @param data The call data (encoded using abi.encode or one of its variants).
                 */
                function _callOptionalReturn(IERC20 token, bytes memory data) private {
                    // We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
                    // we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
                    // the target address contains contract code and also asserts for success in the low-level call.
                    bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
                    if (returndata.length > 0) {
                        // Return data is optional
                        require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library Address {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionDelegateCall(target, data, "Address: low-level delegate call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(isContract(target), "Address: delegate call to non-contract");
                    (bool success, bytes memory returndata) = target.delegatecall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Provides information about the current execution context, including the
             * sender of the transaction and its data. While these are generally available
             * via msg.sender and msg.data, they should not be accessed in such a direct
             * manner, since when dealing with meta-transactions the account sending and
             * paying for execution may not be the actual sender (as far as an application
             * is concerned).
             *
             * This contract is only required for intermediate, library-like contracts.
             */
            abstract contract Context {
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev String operations.
             */
            library Strings {
                bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";
                uint8 private constant _ADDRESS_LENGTH = 20;
                /**
                 * @dev Converts a `uint256` to its ASCII `string` decimal representation.
                 */
                function toString(uint256 value) internal pure returns (string memory) {
                    // Inspired by OraclizeAPI's implementation - MIT licence
                    // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
                    if (value == 0) {
                        return "0";
                    }
                    uint256 temp = value;
                    uint256 digits;
                    while (temp != 0) {
                        digits++;
                        temp /= 10;
                    }
                    bytes memory buffer = new bytes(digits);
                    while (value != 0) {
                        digits -= 1;
                        buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
                        value /= 10;
                    }
                    return string(buffer);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
                 */
                function toHexString(uint256 value) internal pure returns (string memory) {
                    if (value == 0) {
                        return "0x00";
                    }
                    uint256 temp = value;
                    uint256 length = 0;
                    while (temp != 0) {
                        length++;
                        temp >>= 8;
                    }
                    return toHexString(value, length);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
                 */
                function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
                    bytes memory buffer = new bytes(2 * length + 2);
                    buffer[0] = "0";
                    buffer[1] = "x";
                    for (uint256 i = 2 * length + 1; i > 1; --i) {
                        buffer[i] = _HEX_SYMBOLS[value & 0xf];
                        value >>= 4;
                    }
                    require(value == 0, "Strings: hex length insufficient");
                    return string(buffer);
                }
                /**
                 * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
                 */
                function toHexString(address addr) internal pure returns (string memory) {
                    return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.2) (utils/introspection/ERC165Checker.sol)
            pragma solidity ^0.8.0;
            import "./IERC165.sol";
            /**
             * @dev Library used to query support of an interface declared via {IERC165}.
             *
             * Note that these functions return the actual result of the query: they do not
             * `revert` if an interface is not supported. It is up to the caller to decide
             * what to do in these cases.
             */
            library ERC165Checker {
                // As per the EIP-165 spec, no interface should ever match 0xffffffff
                bytes4 private constant _INTERFACE_ID_INVALID = 0xffffffff;
                /**
                 * @dev Returns true if `account` supports the {IERC165} interface,
                 */
                function supportsERC165(address account) internal view returns (bool) {
                    // Any contract that implements ERC165 must explicitly indicate support of
                    // InterfaceId_ERC165 and explicitly indicate non-support of InterfaceId_Invalid
                    return
                        _supportsERC165Interface(account, type(IERC165).interfaceId) &&
                        !_supportsERC165Interface(account, _INTERFACE_ID_INVALID);
                }
                /**
                 * @dev Returns true if `account` supports the interface defined by
                 * `interfaceId`. Support for {IERC165} itself is queried automatically.
                 *
                 * See {IERC165-supportsInterface}.
                 */
                function supportsInterface(address account, bytes4 interfaceId) internal view returns (bool) {
                    // query support of both ERC165 as per the spec and support of _interfaceId
                    return supportsERC165(account) && _supportsERC165Interface(account, interfaceId);
                }
                /**
                 * @dev Returns a boolean array where each value corresponds to the
                 * interfaces passed in and whether they're supported or not. This allows
                 * you to batch check interfaces for a contract where your expectation
                 * is that some interfaces may not be supported.
                 *
                 * See {IERC165-supportsInterface}.
                 *
                 * _Available since v3.4._
                 */
                function getSupportedInterfaces(address account, bytes4[] memory interfaceIds)
                    internal
                    view
                    returns (bool[] memory)
                {
                    // an array of booleans corresponding to interfaceIds and whether they're supported or not
                    bool[] memory interfaceIdsSupported = new bool[](interfaceIds.length);
                    // query support of ERC165 itself
                    if (supportsERC165(account)) {
                        // query support of each interface in interfaceIds
                        for (uint256 i = 0; i < interfaceIds.length; i++) {
                            interfaceIdsSupported[i] = _supportsERC165Interface(account, interfaceIds[i]);
                        }
                    }
                    return interfaceIdsSupported;
                }
                /**
                 * @dev Returns true if `account` supports all the interfaces defined in
                 * `interfaceIds`. Support for {IERC165} itself is queried automatically.
                 *
                 * Batch-querying can lead to gas savings by skipping repeated checks for
                 * {IERC165} support.
                 *
                 * See {IERC165-supportsInterface}.
                 */
                function supportsAllInterfaces(address account, bytes4[] memory interfaceIds) internal view returns (bool) {
                    // query support of ERC165 itself
                    if (!supportsERC165(account)) {
                        return false;
                    }
                    // query support of each interface in _interfaceIds
                    for (uint256 i = 0; i < interfaceIds.length; i++) {
                        if (!_supportsERC165Interface(account, interfaceIds[i])) {
                            return false;
                        }
                    }
                    // all interfaces supported
                    return true;
                }
                /**
                 * @notice Query if a contract implements an interface, does not check ERC165 support
                 * @param account The address of the contract to query for support of an interface
                 * @param interfaceId The interface identifier, as specified in ERC-165
                 * @return true if the contract at account indicates support of the interface with
                 * identifier interfaceId, false otherwise
                 * @dev Assumes that account contains a contract that supports ERC165, otherwise
                 * the behavior of this method is undefined. This precondition can be checked
                 * with {supportsERC165}.
                 * Interface identification is specified in ERC-165.
                 */
                function _supportsERC165Interface(address account, bytes4 interfaceId) private view returns (bool) {
                    // prepare call
                    bytes memory encodedParams = abi.encodeWithSelector(IERC165.supportsInterface.selector, interfaceId);
                    // perform static call
                    bool success;
                    uint256 returnSize;
                    uint256 returnValue;
                    assembly {
                        success := staticcall(30000, account, add(encodedParams, 0x20), mload(encodedParams), 0x00, 0x20)
                        returnSize := returndatasize()
                        returnValue := mload(0x00)
                    }
                    return success && returnSize >= 0x20 && returnValue > 0;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Interface of the ERC165 standard, as defined in the
             * https://eips.ethereum.org/EIPS/eip-165[EIP].
             *
             * Implementers can declare support of contract interfaces, which can then be
             * queried by others ({ERC165Checker}).
             *
             * For an implementation, see {ERC165}.
             */
            interface IERC165 {
                /**
                 * @dev Returns true if this contract implements the interface defined by
                 * `interfaceId`. See the corresponding
                 * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
                 * to learn more about how these ids are created.
                 *
                 * This function call must use less than 30 000 gas.
                 */
                function supportsInterface(bytes4 interfaceId) external view returns (bool);
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/math/Math.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard math utilities missing in the Solidity language.
             */
            library Math {
                enum Rounding {
                    Down, // Toward negative infinity
                    Up, // Toward infinity
                    Zero // Toward zero
                }
                /**
                 * @dev Returns the largest of two numbers.
                 */
                function max(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two numbers.
                 */
                function min(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two numbers. The result is rounded towards
                 * zero.
                 */
                function average(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b) / 2 can overflow.
                    return (a & b) + (a ^ b) / 2;
                }
                /**
                 * @dev Returns the ceiling of the division of two numbers.
                 *
                 * This differs from standard division with `/` in that it rounds up instead
                 * of rounding down.
                 */
                function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b - 1) / b can overflow on addition, so we distribute.
                    return a == 0 ? 0 : (a - 1) / b + 1;
                }
                /**
                 * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
                 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
                 * with further edits by Uniswap Labs also under MIT license.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 result) {
                    unchecked {
                        // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                        // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                        // variables such that product = prod1 * 2^256 + prod0.
                        uint256 prod0; // Least significant 256 bits of the product
                        uint256 prod1; // Most significant 256 bits of the product
                        assembly {
                            let mm := mulmod(x, y, not(0))
                            prod0 := mul(x, y)
                            prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                        }
                        // Handle non-overflow cases, 256 by 256 division.
                        if (prod1 == 0) {
                            return prod0 / denominator;
                        }
                        // Make sure the result is less than 2^256. Also prevents denominator == 0.
                        require(denominator > prod1);
                        ///////////////////////////////////////////////
                        // 512 by 256 division.
                        ///////////////////////////////////////////////
                        // Make division exact by subtracting the remainder from [prod1 prod0].
                        uint256 remainder;
                        assembly {
                            // Compute remainder using mulmod.
                            remainder := mulmod(x, y, denominator)
                            // Subtract 256 bit number from 512 bit number.
                            prod1 := sub(prod1, gt(remainder, prod0))
                            prod0 := sub(prod0, remainder)
                        }
                        // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
                        // See https://cs.stackexchange.com/q/138556/92363.
                        // Does not overflow because the denominator cannot be zero at this stage in the function.
                        uint256 twos = denominator & (~denominator + 1);
                        assembly {
                            // Divide denominator by twos.
                            denominator := div(denominator, twos)
                            // Divide [prod1 prod0] by twos.
                            prod0 := div(prod0, twos)
                            // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                            twos := add(div(sub(0, twos), twos), 1)
                        }
                        // Shift in bits from prod1 into prod0.
                        prod0 |= prod1 * twos;
                        // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                        // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                        // four bits. That is, denominator * inv = 1 mod 2^4.
                        uint256 inverse = (3 * denominator) ^ 2;
                        // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
                        // in modular arithmetic, doubling the correct bits in each step.
                        inverse *= 2 - denominator * inverse; // inverse mod 2^8
                        inverse *= 2 - denominator * inverse; // inverse mod 2^16
                        inverse *= 2 - denominator * inverse; // inverse mod 2^32
                        inverse *= 2 - denominator * inverse; // inverse mod 2^64
                        inverse *= 2 - denominator * inverse; // inverse mod 2^128
                        inverse *= 2 - denominator * inverse; // inverse mod 2^256
                        // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                        // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                        // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                        // is no longer required.
                        result = prod0 * inverse;
                        return result;
                    }
                }
                /**
                 * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator,
                    Rounding rounding
                ) internal pure returns (uint256) {
                    uint256 result = mulDiv(x, y, denominator);
                    if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
                        result += 1;
                    }
                    return result;
                }
                /**
                 * @dev Returns the square root of a number. It the number is not a perfect square, the value is rounded down.
                 *
                 * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
                 */
                function sqrt(uint256 a) internal pure returns (uint256) {
                    if (a == 0) {
                        return 0;
                    }
                    // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
                    // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
                    // `msb(a) <= a < 2*msb(a)`.
                    // We also know that `k`, the position of the most significant bit, is such that `msb(a) = 2**k`.
                    // This gives `2**k < a <= 2**(k+1)` → `2**(k/2) <= sqrt(a) < 2 ** (k/2+1)`.
                    // Using an algorithm similar to the msb conmputation, we are able to compute `result = 2**(k/2)` which is a
                    // good first aproximation of `sqrt(a)` with at least 1 correct bit.
                    uint256 result = 1;
                    uint256 x = a;
                    if (x >> 128 > 0) {
                        x >>= 128;
                        result <<= 64;
                    }
                    if (x >> 64 > 0) {
                        x >>= 64;
                        result <<= 32;
                    }
                    if (x >> 32 > 0) {
                        x >>= 32;
                        result <<= 16;
                    }
                    if (x >> 16 > 0) {
                        x >>= 16;
                        result <<= 8;
                    }
                    if (x >> 8 > 0) {
                        x >>= 8;
                        result <<= 4;
                    }
                    if (x >> 4 > 0) {
                        x >>= 4;
                        result <<= 2;
                    }
                    if (x >> 2 > 0) {
                        result <<= 1;
                    }
                    // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
                    // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
                    // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
                    // into the expected uint128 result.
                    unchecked {
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        return min(result, a / result);
                    }
                }
                /**
                 * @notice Calculates sqrt(a), following the selected rounding direction.
                 */
                function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
                    uint256 result = sqrt(a);
                    if (rounding == Rounding.Up && result * result < a) {
                        result += 1;
                    }
                    return result;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.5.0) (utils/math/SignedMath.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard signed math utilities missing in the Solidity language.
             */
            library SignedMath {
                /**
                 * @dev Returns the largest of two signed numbers.
                 */
                function max(int256 a, int256 b) internal pure returns (int256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two signed numbers.
                 */
                function min(int256 a, int256 b) internal pure returns (int256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two signed numbers without overflow.
                 * The result is rounded towards zero.
                 */
                function average(int256 a, int256 b) internal pure returns (int256) {
                    // Formula from the book "Hacker's Delight"
                    int256 x = (a & b) + ((a ^ b) >> 1);
                    return x + (int256(uint256(x) >> 255) & (a ^ b));
                }
                /**
                 * @dev Returns the absolute unsigned value of a signed value.
                 */
                function abs(int256 n) internal pure returns (uint256) {
                    unchecked {
                        // must be unchecked in order to support `n = type(int256).min`
                        return uint256(n >= 0 ? n : -n);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/AddressUpgradeable.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library AddressUpgradeable {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity >=0.8.0;
            /// @notice Arithmetic library with operations for fixed-point numbers.
            /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/FixedPointMathLib.sol)
            library FixedPointMathLib {
                /*//////////////////////////////////////////////////////////////
                                SIMPLIFIED FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s.
                function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down.
                }
                function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up.
                }
                function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down.
                }
                function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up.
                }
                function powWad(int256 x, int256 y) internal pure returns (int256) {
                    // Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y)
                    return expWad((lnWad(x) * y) / int256(WAD)); // Using ln(x) means x must be greater than 0.
                }
                function expWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        // When the result is < 0.5 we return zero. This happens when
                        // x <= floor(log(0.5e18) * 1e18) ~ -42e18
                        if (x <= -42139678854452767551) return 0;
                        // When the result is > (2**255 - 1) / 1e18 we can not represent it as an
                        // int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135.
                        if (x >= 135305999368893231589) revert("EXP_OVERFLOW");
                        // x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96
                        // for more intermediate precision and a binary basis. This base conversion
                        // is a multiplication by 1e18 / 2**96 = 5**18 / 2**78.
                        x = (x << 78) / 5**18;
                        // Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers
                        // of two such that exp(x) = exp(x') * 2**k, where k is an integer.
                        // Solving this gives k = round(x / log(2)) and x' = x - k * log(2).
                        int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;
                        x = x - k * 54916777467707473351141471128;
                        // k is in the range [-61, 195].
                        // Evaluate using a (6, 7)-term rational approximation.
                        // p is made monic, we'll multiply by a scale factor later.
                        int256 y = x + 1346386616545796478920950773328;
                        y = ((y * x) >> 96) + 57155421227552351082224309758442;
                        int256 p = y + x - 94201549194550492254356042504812;
                        p = ((p * y) >> 96) + 28719021644029726153956944680412240;
                        p = p * x + (4385272521454847904659076985693276 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        int256 q = x - 2855989394907223263936484059900;
                        q = ((q * x) >> 96) + 50020603652535783019961831881945;
                        q = ((q * x) >> 96) - 533845033583426703283633433725380;
                        q = ((q * x) >> 96) + 3604857256930695427073651918091429;
                        q = ((q * x) >> 96) - 14423608567350463180887372962807573;
                        q = ((q * x) >> 96) + 26449188498355588339934803723976023;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial won't have zeros in the domain as all its roots are complex.
                            // No scaling is necessary because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r should be in the range (0.09, 0.25) * 2**96.
                        // We now need to multiply r by:
                        // * the scale factor s = ~6.031367120.
                        // * the 2**k factor from the range reduction.
                        // * the 1e18 / 2**96 factor for base conversion.
                        // We do this all at once, with an intermediate result in 2**213
                        // basis, so the final right shift is always by a positive amount.
                        r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k));
                    }
                }
                function lnWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        require(x > 0, "UNDEFINED");
                        // We want to convert x from 10**18 fixed point to 2**96 fixed point.
                        // We do this by multiplying by 2**96 / 10**18. But since
                        // ln(x * C) = ln(x) + ln(C), we can simply do nothing here
                        // and add ln(2**96 / 10**18) at the end.
                        // Reduce range of x to (1, 2) * 2**96
                        // ln(2^k * x) = k * ln(2) + ln(x)
                        int256 k = int256(log2(uint256(x))) - 96;
                        x <<= uint256(159 - k);
                        x = int256(uint256(x) >> 159);
                        // Evaluate using a (8, 8)-term rational approximation.
                        // p is made monic, we will multiply by a scale factor later.
                        int256 p = x + 3273285459638523848632254066296;
                        p = ((p * x) >> 96) + 24828157081833163892658089445524;
                        p = ((p * x) >> 96) + 43456485725739037958740375743393;
                        p = ((p * x) >> 96) - 11111509109440967052023855526967;
                        p = ((p * x) >> 96) - 45023709667254063763336534515857;
                        p = ((p * x) >> 96) - 14706773417378608786704636184526;
                        p = p * x - (795164235651350426258249787498 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        // q is monic by convention.
                        int256 q = x + 5573035233440673466300451813936;
                        q = ((q * x) >> 96) + 71694874799317883764090561454958;
                        q = ((q * x) >> 96) + 283447036172924575727196451306956;
                        q = ((q * x) >> 96) + 401686690394027663651624208769553;
                        q = ((q * x) >> 96) + 204048457590392012362485061816622;
                        q = ((q * x) >> 96) + 31853899698501571402653359427138;
                        q = ((q * x) >> 96) + 909429971244387300277376558375;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial is known not to have zeros in the domain.
                            // No scaling required because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r is in the range (0, 0.125) * 2**96
                        // Finalization, we need to:
                        // * multiply by the scale factor s = 5.549…
                        // * add ln(2**96 / 10**18)
                        // * add k * ln(2)
                        // * multiply by 10**18 / 2**96 = 5**18 >> 78
                        // mul s * 5e18 * 2**96, base is now 5**18 * 2**192
                        r *= 1677202110996718588342820967067443963516166;
                        // add ln(2) * k * 5e18 * 2**192
                        r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k;
                        // add ln(2**96 / 10**18) * 5e18 * 2**192
                        r += 600920179829731861736702779321621459595472258049074101567377883020018308;
                        // base conversion: mul 2**18 / 2**192
                        r >>= 174;
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                LOW LEVEL FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                function mulDivDown(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // Divide z by the denominator.
                        z := div(z, denominator)
                    }
                }
                function mulDivUp(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // First, divide z - 1 by the denominator and add 1.
                        // We allow z - 1 to underflow if z is 0, because we multiply the
                        // end result by 0 if z is zero, ensuring we return 0 if z is zero.
                        z := mul(iszero(iszero(z)), add(div(sub(z, 1), denominator), 1))
                    }
                }
                function rpow(
                    uint256 x,
                    uint256 n,
                    uint256 scalar
                ) internal pure returns (uint256 z) {
                    assembly {
                        switch x
                        case 0 {
                            switch n
                            case 0 {
                                // 0 ** 0 = 1
                                z := scalar
                            }
                            default {
                                // 0 ** n = 0
                                z := 0
                            }
                        }
                        default {
                            switch mod(n, 2)
                            case 0 {
                                // If n is even, store scalar in z for now.
                                z := scalar
                            }
                            default {
                                // If n is odd, store x in z for now.
                                z := x
                            }
                            // Shifting right by 1 is like dividing by 2.
                            let half := shr(1, scalar)
                            for {
                                // Shift n right by 1 before looping to halve it.
                                n := shr(1, n)
                            } n {
                                // Shift n right by 1 each iteration to halve it.
                                n := shr(1, n)
                            } {
                                // Revert immediately if x ** 2 would overflow.
                                // Equivalent to iszero(eq(div(xx, x), x)) here.
                                if shr(128, x) {
                                    revert(0, 0)
                                }
                                // Store x squared.
                                let xx := mul(x, x)
                                // Round to the nearest number.
                                let xxRound := add(xx, half)
                                // Revert if xx + half overflowed.
                                if lt(xxRound, xx) {
                                    revert(0, 0)
                                }
                                // Set x to scaled xxRound.
                                x := div(xxRound, scalar)
                                // If n is even:
                                if mod(n, 2) {
                                    // Compute z * x.
                                    let zx := mul(z, x)
                                    // If z * x overflowed:
                                    if iszero(eq(div(zx, x), z)) {
                                        // Revert if x is non-zero.
                                        if iszero(iszero(x)) {
                                            revert(0, 0)
                                        }
                                    }
                                    // Round to the nearest number.
                                    let zxRound := add(zx, half)
                                    // Revert if zx + half overflowed.
                                    if lt(zxRound, zx) {
                                        revert(0, 0)
                                    }
                                    // Return properly scaled zxRound.
                                    z := div(zxRound, scalar)
                                }
                            }
                        }
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                    GENERAL NUMBER UTILITIES
                //////////////////////////////////////////////////////////////*/
                function sqrt(uint256 x) internal pure returns (uint256 z) {
                    assembly {
                        let y := x // We start y at x, which will help us make our initial estimate.
                        z := 181 // The "correct" value is 1, but this saves a multiplication later.
                        // This segment is to get a reasonable initial estimate for the Babylonian method. With a bad
                        // start, the correct # of bits increases ~linearly each iteration instead of ~quadratically.
                        // We check y >= 2^(k + 8) but shift right by k bits
                        // each branch to ensure that if x >= 256, then y >= 256.
                        if iszero(lt(y, 0x10000000000000000000000000000000000)) {
                            y := shr(128, y)
                            z := shl(64, z)
                        }
                        if iszero(lt(y, 0x1000000000000000000)) {
                            y := shr(64, y)
                            z := shl(32, z)
                        }
                        if iszero(lt(y, 0x10000000000)) {
                            y := shr(32, y)
                            z := shl(16, z)
                        }
                        if iszero(lt(y, 0x1000000)) {
                            y := shr(16, y)
                            z := shl(8, z)
                        }
                        // Goal was to get z*z*y within a small factor of x. More iterations could
                        // get y in a tighter range. Currently, we will have y in [256, 256*2^16).
                        // We ensured y >= 256 so that the relative difference between y and y+1 is small.
                        // That's not possible if x < 256 but we can just verify those cases exhaustively.
                        // Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256.
                        // Correctness can be checked exhaustively for x < 256, so we assume y >= 256.
                        // Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps.
                        // For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range
                        // (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256.
                        // Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate
                        // sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18.
                        // There is no overflow risk here since y < 2^136 after the first branch above.
                        z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181.
                        // Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough.
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        // If x+1 is a perfect square, the Babylonian method cycles between
                        // floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor.
                        // See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division
                        // Since the ceil is rare, we save gas on the assignment and repeat division in the rare case.
                        // If you don't care whether the floor or ceil square root is returned, you can remove this statement.
                        z := sub(z, lt(div(x, z), z))
                    }
                }
                function log2(uint256 x) internal pure returns (uint256 r) {
                    require(x > 0, "UNDEFINED");
                    assembly {
                        r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x))
                        r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
                        r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
                        r := or(r, shl(4, lt(0xffff, shr(r, x))))
                        r := or(r, shl(3, lt(0xff, shr(r, x))))
                        r := or(r, shl(2, lt(0xf, shr(r, x))))
                        r := or(r, shl(1, lt(0x3, shr(r, x))))
                        r := or(r, lt(0x1, shr(r, x)))
                    }
                }
            }
            

            File 4 of 8: ResolvedDelegateProxy
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { AddressManager } from "./AddressManager.sol";
            /**
             * @custom:legacy
             * @title ResolvedDelegateProxy
             * @notice ResolvedDelegateProxy is a legacy proxy contract that makes use of the AddressManager to
             *         resolve the implementation address. We're maintaining this contract for backwards
             *         compatibility so we can manage all legacy proxies where necessary.
             */
            contract ResolvedDelegateProxy {
                /**
                 * @notice Mapping used to store the implementation name that corresponds to this contract. A
                 *         mapping was originally used as a way to bypass the same issue normally solved by
                 *         storing the implementation address in a specific storage slot that does not conflict
                 *         with any other storage slot. Generally NOT a safe solution but works as long as the
                 *         implementation does not also keep a mapping in the first storage slot.
                 */
                mapping(address => string) private implementationName;
                /**
                 * @notice Mapping used to store the address of the AddressManager contract where the
                 *         implementation address will be resolved from. Same concept here as with the above
                 *         mapping. Also generally unsafe but fine if the implementation doesn't keep a mapping
                 *         in the second storage slot.
                 */
                mapping(address => AddressManager) private addressManager;
                /**
                 * @param _addressManager  Address of the AddressManager.
                 * @param _implementationName implementationName of the contract to proxy to.
                 */
                constructor(AddressManager _addressManager, string memory _implementationName) {
                    addressManager[address(this)] = _addressManager;
                    implementationName[address(this)] = _implementationName;
                }
                /**
                 * @notice Fallback, performs a delegatecall to the resolved implementation address.
                 */
                // solhint-disable-next-line no-complex-fallback
                fallback() external payable {
                    address target = addressManager[address(this)].getAddress(
                        (implementationName[address(this)])
                    );
                    require(target != address(0), "ResolvedDelegateProxy: target address must be initialized");
                    // slither-disable-next-line controlled-delegatecall
                    (bool success, bytes memory returndata) = target.delegatecall(msg.data);
                    if (success == true) {
                        assembly {
                            return(add(returndata, 0x20), mload(returndata))
                        }
                    } else {
                        assembly {
                            revert(add(returndata, 0x20), mload(returndata))
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
            /**
             * @custom:legacy
             * @title AddressManager
             * @notice AddressManager is a legacy contract that was used in the old version of the Optimism
             *         system to manage a registry of string names to addresses. We now use a more standard
             *         proxy system instead, but this contract is still necessary for backwards compatibility
             *         with several older contracts.
             */
            contract AddressManager is Ownable {
                /**
                 * @notice Mapping of the hashes of string names to addresses.
                 */
                mapping(bytes32 => address) private addresses;
                /**
                 * @notice Emitted when an address is modified in the registry.
                 *
                 * @param name       String name being set in the registry.
                 * @param newAddress Address set for the given name.
                 * @param oldAddress Address that was previously set for the given name.
                 */
                event AddressSet(string indexed name, address newAddress, address oldAddress);
                /**
                 * @notice Changes the address associated with a particular name.
                 *
                 * @param _name    String name to associate an address with.
                 * @param _address Address to associate with the name.
                 */
                function setAddress(string memory _name, address _address) external onlyOwner {
                    bytes32 nameHash = _getNameHash(_name);
                    address oldAddress = addresses[nameHash];
                    addresses[nameHash] = _address;
                    emit AddressSet(_name, _address, oldAddress);
                }
                /**
                 * @notice Retrieves the address associated with a given name.
                 *
                 * @param _name Name to retrieve an address for.
                 *
                 * @return Address associated with the given name.
                 */
                function getAddress(string memory _name) external view returns (address) {
                    return addresses[_getNameHash(_name)];
                }
                /**
                 * @notice Computes the hash of a name.
                 *
                 * @param _name Name to compute a hash for.
                 *
                 * @return Hash of the given name.
                 */
                function _getNameHash(string memory _name) internal pure returns (bytes32) {
                    return keccak256(abi.encodePacked(_name));
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
            pragma solidity ^0.8.0;
            abstract contract Context {
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
            }
            /**
             * @dev Contract module which provides a basic access control mechanism, where
             * there is an account (an owner) that can be granted exclusive access to
             * specific functions.
             *
             * By default, the owner account will be the one that deploys the contract. This
             * can later be changed with {transferOwnership}.
             *
             * This module is used through inheritance. It will make available the modifier
             * `onlyOwner`, which can be applied to your functions to restrict their use to
             * the owner.
             */
            abstract contract Ownable is Context {
                address private _owner;
                event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
                /**
                 * @dev Initializes the contract setting the deployer as the initial owner.
                 */
                constructor() {
                    _transferOwnership(_msgSender());
                }
                /**
                 * @dev Throws if called by any account other than the owner.
                 */
                modifier onlyOwner() {
                    _checkOwner();
                    _;
                }
                /**
                 * @dev Returns the address of the current owner.
                 */
                function owner() public view virtual returns (address) {
                    return _owner;
                }
                /**
                 * @dev Throws if the sender is not the owner.
                 */
                function _checkOwner() internal view virtual {
                    require(owner() == _msgSender(), "Ownable: caller is not the owner");
                }
                /**
                 * @dev Leaves the contract without owner. It will not be possible to call
                 * `onlyOwner` functions anymore. Can only be called by the current owner.
                 *
                 * NOTE: Renouncing ownership will leave the contract without an owner,
                 * thereby removing any functionality that is only available to the owner.
                 */
                function renounceOwnership() public virtual onlyOwner {
                    _transferOwnership(address(0));
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Can only be called by the current owner.
                 */
                function transferOwnership(address newOwner) public virtual onlyOwner {
                    require(newOwner != address(0), "Ownable: new owner is the zero address");
                    _transferOwnership(newOwner);
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Internal function without access restriction.
                 */
                function _transferOwnership(address newOwner) internal virtual {
                    address oldOwner = _owner;
                    _owner = newOwner;
                    emit OwnershipTransferred(oldOwner, newOwner);
                }
            }
            

            File 5 of 8: AddressManager
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Ownable } from "@openzeppelin/contracts/access/Ownable.sol";
            /**
             * @custom:legacy
             * @title AddressManager
             * @notice AddressManager is a legacy contract that was used in the old version of the Optimism
             *         system to manage a registry of string names to addresses. We now use a more standard
             *         proxy system instead, but this contract is still necessary for backwards compatibility
             *         with several older contracts.
             */
            contract AddressManager is Ownable {
                /**
                 * @notice Mapping of the hashes of string names to addresses.
                 */
                mapping(bytes32 => address) private addresses;
                /**
                 * @notice Emitted when an address is modified in the registry.
                 *
                 * @param name       String name being set in the registry.
                 * @param newAddress Address set for the given name.
                 * @param oldAddress Address that was previously set for the given name.
                 */
                event AddressSet(string indexed name, address newAddress, address oldAddress);
                /**
                 * @notice Changes the address associated with a particular name.
                 *
                 * @param _name    String name to associate an address with.
                 * @param _address Address to associate with the name.
                 */
                function setAddress(string memory _name, address _address) external onlyOwner {
                    bytes32 nameHash = _getNameHash(_name);
                    address oldAddress = addresses[nameHash];
                    addresses[nameHash] = _address;
                    emit AddressSet(_name, _address, oldAddress);
                }
                /**
                 * @notice Retrieves the address associated with a given name.
                 *
                 * @param _name Name to retrieve an address for.
                 *
                 * @return Address associated with the given name.
                 */
                function getAddress(string memory _name) external view returns (address) {
                    return addresses[_getNameHash(_name)];
                }
                /**
                 * @notice Computes the hash of a name.
                 *
                 * @param _name Name to compute a hash for.
                 *
                 * @return Hash of the given name.
                 */
                function _getNameHash(string memory _name) internal pure returns (bytes32) {
                    return keccak256(abi.encodePacked(_name));
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
            pragma solidity ^0.8.0;
            import "../utils/Context.sol";
            /**
             * @dev Contract module which provides a basic access control mechanism, where
             * there is an account (an owner) that can be granted exclusive access to
             * specific functions.
             *
             * By default, the owner account will be the one that deploys the contract. This
             * can later be changed with {transferOwnership}.
             *
             * This module is used through inheritance. It will make available the modifier
             * `onlyOwner`, which can be applied to your functions to restrict their use to
             * the owner.
             */
            abstract contract Ownable is Context {
                address private _owner;
                event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
                /**
                 * @dev Initializes the contract setting the deployer as the initial owner.
                 */
                constructor() {
                    _transferOwnership(_msgSender());
                }
                /**
                 * @dev Throws if called by any account other than the owner.
                 */
                modifier onlyOwner() {
                    _checkOwner();
                    _;
                }
                /**
                 * @dev Returns the address of the current owner.
                 */
                function owner() public view virtual returns (address) {
                    return _owner;
                }
                /**
                 * @dev Throws if the sender is not the owner.
                 */
                function _checkOwner() internal view virtual {
                    require(owner() == _msgSender(), "Ownable: caller is not the owner");
                }
                /**
                 * @dev Leaves the contract without owner. It will not be possible to call
                 * `onlyOwner` functions anymore. Can only be called by the current owner.
                 *
                 * NOTE: Renouncing ownership will leave the contract without an owner,
                 * thereby removing any functionality that is only available to the owner.
                 */
                function renounceOwnership() public virtual onlyOwner {
                    _transferOwnership(address(0));
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Can only be called by the current owner.
                 */
                function transferOwnership(address newOwner) public virtual onlyOwner {
                    require(newOwner != address(0), "Ownable: new owner is the zero address");
                    _transferOwnership(newOwner);
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Internal function without access restriction.
                 */
                function _transferOwnership(address newOwner) internal virtual {
                    address oldOwner = _owner;
                    _owner = newOwner;
                    emit OwnershipTransferred(oldOwner, newOwner);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Provides information about the current execution context, including the
             * sender of the transaction and its data. While these are generally available
             * via msg.sender and msg.data, they should not be accessed in such a direct
             * manner, since when dealing with meta-transactions the account sending and
             * paying for execution may not be the actual sender (as far as an application
             * is concerned).
             *
             * This contract is only required for intermediate, library-like contracts.
             */
            abstract contract Context {
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
            }
            

            File 6 of 8: L1CrossDomainMessenger
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Predeploys } from "../libraries/Predeploys.sol";
            import { OptimismPortal } from "./OptimismPortal.sol";
            import { CrossDomainMessenger } from "../universal/CrossDomainMessenger.sol";
            import { Semver } from "../universal/Semver.sol";
            /**
             * @custom:proxied
             * @title L1CrossDomainMessenger
             * @notice The L1CrossDomainMessenger is a message passing interface between L1 and L2 responsible
             *         for sending and receiving data on the L1 side. Users are encouraged to use this
             *         interface instead of interacting with lower-level contracts directly.
             */
            contract L1CrossDomainMessenger is CrossDomainMessenger, Semver {
                /**
                 * @notice Address of the OptimismPortal.
                 */
                OptimismPortal public immutable PORTAL;
                /**
                 * @custom:semver 1.4.0
                 *
                 * @param _portal Address of the OptimismPortal contract on this network.
                 */
                constructor(OptimismPortal _portal)
                    Semver(1, 4, 0)
                    CrossDomainMessenger(Predeploys.L2_CROSS_DOMAIN_MESSENGER)
                {
                    PORTAL = _portal;
                    initialize();
                }
                /**
                 * @notice Initializer.
                 */
                function initialize() public initializer {
                    __CrossDomainMessenger_init();
                }
                /**
                 * @inheritdoc CrossDomainMessenger
                 */
                function _sendMessage(
                    address _to,
                    uint64 _gasLimit,
                    uint256 _value,
                    bytes memory _data
                ) internal override {
                    PORTAL.depositTransaction{ value: _value }(_to, _value, _gasLimit, false, _data);
                }
                /**
                 * @inheritdoc CrossDomainMessenger
                 */
                function _isOtherMessenger() internal view override returns (bool) {
                    return msg.sender == address(PORTAL) && PORTAL.l2Sender() == OTHER_MESSENGER;
                }
                /**
                 * @inheritdoc CrossDomainMessenger
                 */
                function _isUnsafeTarget(address _target) internal view override returns (bool) {
                    return _target == address(this) || _target == address(PORTAL);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { Semver } from "../universal/Semver.sol";
            import { Types } from "../libraries/Types.sol";
            /**
             * @custom:proxied
             * @title L2OutputOracle
             * @notice The L2OutputOracle contains an array of L2 state outputs, where each output is a
             *         commitment to the state of the L2 chain. Other contracts like the OptimismPortal use
             *         these outputs to verify information about the state of L2.
             */
            contract L2OutputOracle is Initializable, Semver {
                /**
                 * @notice The interval in L2 blocks at which checkpoints must be submitted. Although this is
                 *         immutable, it can safely be modified by upgrading the implementation contract.
                 */
                uint256 public immutable SUBMISSION_INTERVAL;
                /**
                 * @notice The time between L2 blocks in seconds. Once set, this value MUST NOT be modified.
                 */
                uint256 public immutable L2_BLOCK_TIME;
                /**
                 * @notice The address of the challenger. Can be updated via upgrade.
                 */
                address public immutable CHALLENGER;
                /**
                 * @notice The address of the proposer. Can be updated via upgrade.
                 */
                address public immutable PROPOSER;
                /**
                 * @notice Minimum time (in seconds) that must elapse before a withdrawal can be finalized.
                 */
                uint256 public immutable FINALIZATION_PERIOD_SECONDS;
                /**
                 * @notice The number of the first L2 block recorded in this contract.
                 */
                uint256 public startingBlockNumber;
                /**
                 * @notice The timestamp of the first L2 block recorded in this contract.
                 */
                uint256 public startingTimestamp;
                /**
                 * @notice Array of L2 output proposals.
                 */
                Types.OutputProposal[] internal l2Outputs;
                /**
                 * @notice Emitted when an output is proposed.
                 *
                 * @param outputRoot    The output root.
                 * @param l2OutputIndex The index of the output in the l2Outputs array.
                 * @param l2BlockNumber The L2 block number of the output root.
                 * @param l1Timestamp   The L1 timestamp when proposed.
                 */
                event OutputProposed(
                    bytes32 indexed outputRoot,
                    uint256 indexed l2OutputIndex,
                    uint256 indexed l2BlockNumber,
                    uint256 l1Timestamp
                );
                /**
                 * @notice Emitted when outputs are deleted.
                 *
                 * @param prevNextOutputIndex Next L2 output index before the deletion.
                 * @param newNextOutputIndex  Next L2 output index after the deletion.
                 */
                event OutputsDeleted(uint256 indexed prevNextOutputIndex, uint256 indexed newNextOutputIndex);
                /**
                 * @custom:semver 1.3.0
                 *
                 * @param _submissionInterval  Interval in blocks at which checkpoints must be submitted.
                 * @param _l2BlockTime         The time per L2 block, in seconds.
                 * @param _startingBlockNumber The number of the first L2 block.
                 * @param _startingTimestamp   The timestamp of the first L2 block.
                 * @param _proposer            The address of the proposer.
                 * @param _challenger          The address of the challenger.
                 */
                constructor(
                    uint256 _submissionInterval,
                    uint256 _l2BlockTime,
                    uint256 _startingBlockNumber,
                    uint256 _startingTimestamp,
                    address _proposer,
                    address _challenger,
                    uint256 _finalizationPeriodSeconds
                ) Semver(1, 3, 0) {
                    require(_l2BlockTime > 0, "L2OutputOracle: L2 block time must be greater than 0");
                    require(
                        _submissionInterval > 0,
                        "L2OutputOracle: submission interval must be greater than 0"
                    );
                    SUBMISSION_INTERVAL = _submissionInterval;
                    L2_BLOCK_TIME = _l2BlockTime;
                    PROPOSER = _proposer;
                    CHALLENGER = _challenger;
                    FINALIZATION_PERIOD_SECONDS = _finalizationPeriodSeconds;
                    initialize(_startingBlockNumber, _startingTimestamp);
                }
                /**
                 * @notice Initializer.
                 *
                 * @param _startingBlockNumber Block number for the first recoded L2 block.
                 * @param _startingTimestamp   Timestamp for the first recoded L2 block.
                 */
                function initialize(uint256 _startingBlockNumber, uint256 _startingTimestamp)
                    public
                    initializer
                {
                    require(
                        _startingTimestamp <= block.timestamp,
                        "L2OutputOracle: starting L2 timestamp must be less than current time"
                    );
                    startingTimestamp = _startingTimestamp;
                    startingBlockNumber = _startingBlockNumber;
                }
                /**
                 * @notice Deletes all output proposals after and including the proposal that corresponds to
                 *         the given output index. Only the challenger address can delete outputs.
                 *
                 * @param _l2OutputIndex Index of the first L2 output to be deleted. All outputs after this
                 *                       output will also be deleted.
                 */
                // solhint-disable-next-line ordering
                function deleteL2Outputs(uint256 _l2OutputIndex) external {
                    require(
                        msg.sender == CHALLENGER,
                        "L2OutputOracle: only the challenger address can delete outputs"
                    );
                    // Make sure we're not *increasing* the length of the array.
                    require(
                        _l2OutputIndex < l2Outputs.length,
                        "L2OutputOracle: cannot delete outputs after the latest output index"
                    );
                    // Do not allow deleting any outputs that have already been finalized.
                    require(
                        block.timestamp - l2Outputs[_l2OutputIndex].timestamp < FINALIZATION_PERIOD_SECONDS,
                        "L2OutputOracle: cannot delete outputs that have already been finalized"
                    );
                    uint256 prevNextL2OutputIndex = nextOutputIndex();
                    // Use assembly to delete the array elements because Solidity doesn't allow it.
                    assembly {
                        sstore(l2Outputs.slot, _l2OutputIndex)
                    }
                    emit OutputsDeleted(prevNextL2OutputIndex, _l2OutputIndex);
                }
                /**
                 * @notice Accepts an outputRoot and the timestamp of the corresponding L2 block. The timestamp
                 *         must be equal to the current value returned by `nextTimestamp()` in order to be
                 *         accepted. This function may only be called by the Proposer.
                 *
                 * @param _outputRoot    The L2 output of the checkpoint block.
                 * @param _l2BlockNumber The L2 block number that resulted in _outputRoot.
                 * @param _l1BlockHash   A block hash which must be included in the current chain.
                 * @param _l1BlockNumber The block number with the specified block hash.
                 */
                function proposeL2Output(
                    bytes32 _outputRoot,
                    uint256 _l2BlockNumber,
                    bytes32 _l1BlockHash,
                    uint256 _l1BlockNumber
                ) external payable {
                    require(
                        msg.sender == PROPOSER,
                        "L2OutputOracle: only the proposer address can propose new outputs"
                    );
                    require(
                        _l2BlockNumber == nextBlockNumber(),
                        "L2OutputOracle: block number must be equal to next expected block number"
                    );
                    require(
                        computeL2Timestamp(_l2BlockNumber) < block.timestamp,
                        "L2OutputOracle: cannot propose L2 output in the future"
                    );
                    require(
                        _outputRoot != bytes32(0),
                        "L2OutputOracle: L2 output proposal cannot be the zero hash"
                    );
                    if (_l1BlockHash != bytes32(0)) {
                        // This check allows the proposer to propose an output based on a given L1 block,
                        // without fear that it will be reorged out.
                        // It will also revert if the blockheight provided is more than 256 blocks behind the
                        // chain tip (as the hash will return as zero). This does open the door to a griefing
                        // attack in which the proposer's submission is censored until the block is no longer
                        // retrievable, if the proposer is experiencing this attack it can simply leave out the
                        // blockhash value, and delay submission until it is confident that the L1 block is
                        // finalized.
                        require(
                            blockhash(_l1BlockNumber) == _l1BlockHash,
                            "L2OutputOracle: block hash does not match the hash at the expected height"
                        );
                    }
                    emit OutputProposed(_outputRoot, nextOutputIndex(), _l2BlockNumber, block.timestamp);
                    l2Outputs.push(
                        Types.OutputProposal({
                            outputRoot: _outputRoot,
                            timestamp: uint128(block.timestamp),
                            l2BlockNumber: uint128(_l2BlockNumber)
                        })
                    );
                }
                /**
                 * @notice Returns an output by index. Exists because Solidity's array access will return a
                 *         tuple instead of a struct.
                 *
                 * @param _l2OutputIndex Index of the output to return.
                 *
                 * @return The output at the given index.
                 */
                function getL2Output(uint256 _l2OutputIndex)
                    external
                    view
                    returns (Types.OutputProposal memory)
                {
                    return l2Outputs[_l2OutputIndex];
                }
                /**
                 * @notice Returns the index of the L2 output that checkpoints a given L2 block number. Uses a
                 *         binary search to find the first output greater than or equal to the given block.
                 *
                 * @param _l2BlockNumber L2 block number to find a checkpoint for.
                 *
                 * @return Index of the first checkpoint that commits to the given L2 block number.
                 */
                function getL2OutputIndexAfter(uint256 _l2BlockNumber) public view returns (uint256) {
                    // Make sure an output for this block number has actually been proposed.
                    require(
                        _l2BlockNumber <= latestBlockNumber(),
                        "L2OutputOracle: cannot get output for a block that has not been proposed"
                    );
                    // Make sure there's at least one output proposed.
                    require(
                        l2Outputs.length > 0,
                        "L2OutputOracle: cannot get output as no outputs have been proposed yet"
                    );
                    // Find the output via binary search, guaranteed to exist.
                    uint256 lo = 0;
                    uint256 hi = l2Outputs.length;
                    while (lo < hi) {
                        uint256 mid = (lo + hi) / 2;
                        if (l2Outputs[mid].l2BlockNumber < _l2BlockNumber) {
                            lo = mid + 1;
                        } else {
                            hi = mid;
                        }
                    }
                    return lo;
                }
                /**
                 * @notice Returns the L2 output proposal that checkpoints a given L2 block number. Uses a
                 *         binary search to find the first output greater than or equal to the given block.
                 *
                 * @param _l2BlockNumber L2 block number to find a checkpoint for.
                 *
                 * @return First checkpoint that commits to the given L2 block number.
                 */
                function getL2OutputAfter(uint256 _l2BlockNumber)
                    external
                    view
                    returns (Types.OutputProposal memory)
                {
                    return l2Outputs[getL2OutputIndexAfter(_l2BlockNumber)];
                }
                /**
                 * @notice Returns the number of outputs that have been proposed. Will revert if no outputs
                 *         have been proposed yet.
                 *
                 * @return The number of outputs that have been proposed.
                 */
                function latestOutputIndex() external view returns (uint256) {
                    return l2Outputs.length - 1;
                }
                /**
                 * @notice Returns the index of the next output to be proposed.
                 *
                 * @return The index of the next output to be proposed.
                 */
                function nextOutputIndex() public view returns (uint256) {
                    return l2Outputs.length;
                }
                /**
                 * @notice Returns the block number of the latest submitted L2 output proposal. If no proposals
                 *         been submitted yet then this function will return the starting block number.
                 *
                 * @return Latest submitted L2 block number.
                 */
                function latestBlockNumber() public view returns (uint256) {
                    return
                        l2Outputs.length == 0
                            ? startingBlockNumber
                            : l2Outputs[l2Outputs.length - 1].l2BlockNumber;
                }
                /**
                 * @notice Computes the block number of the next L2 block that needs to be checkpointed.
                 *
                 * @return Next L2 block number.
                 */
                function nextBlockNumber() public view returns (uint256) {
                    return latestBlockNumber() + SUBMISSION_INTERVAL;
                }
                /**
                 * @notice Returns the L2 timestamp corresponding to a given L2 block number.
                 *
                 * @param _l2BlockNumber The L2 block number of the target block.
                 *
                 * @return L2 timestamp of the given block.
                 */
                function computeL2Timestamp(uint256 _l2BlockNumber) public view returns (uint256) {
                    return startingTimestamp + ((_l2BlockNumber - startingBlockNumber) * L2_BLOCK_TIME);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { SafeCall } from "../libraries/SafeCall.sol";
            import { L2OutputOracle } from "./L2OutputOracle.sol";
            import { SystemConfig } from "./SystemConfig.sol";
            import { Constants } from "../libraries/Constants.sol";
            import { Types } from "../libraries/Types.sol";
            import { Hashing } from "../libraries/Hashing.sol";
            import { SecureMerkleTrie } from "../libraries/trie/SecureMerkleTrie.sol";
            import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol";
            import { ResourceMetering } from "./ResourceMetering.sol";
            import { Semver } from "../universal/Semver.sol";
            /**
             * @custom:proxied
             * @title OptimismPortal
             * @notice The OptimismPortal is a low-level contract responsible for passing messages between L1
             *         and L2. Messages sent directly to the OptimismPortal have no form of replayability.
             *         Users are encouraged to use the L1CrossDomainMessenger for a higher-level interface.
             */
            contract OptimismPortal is Initializable, ResourceMetering, Semver {
                /**
                 * @notice Represents a proven withdrawal.
                 *
                 * @custom:field outputRoot    Root of the L2 output this was proven against.
                 * @custom:field timestamp     Timestamp at whcih the withdrawal was proven.
                 * @custom:field l2OutputIndex Index of the output this was proven against.
                 */
                struct ProvenWithdrawal {
                    bytes32 outputRoot;
                    uint128 timestamp;
                    uint128 l2OutputIndex;
                }
                /**
                 * @notice Version of the deposit event.
                 */
                uint256 internal constant DEPOSIT_VERSION = 0;
                /**
                 * @notice The L2 gas limit set when eth is deposited using the receive() function.
                 */
                uint64 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 100_000;
                /**
                 * @notice Address of the L2OutputOracle contract.
                 */
                L2OutputOracle public immutable L2_ORACLE;
                /**
                 * @notice Address of the SystemConfig contract.
                 */
                SystemConfig public immutable SYSTEM_CONFIG;
                /**
                 * @notice Address that has the ability to pause and unpause withdrawals.
                 */
                address public immutable GUARDIAN;
                /**
                 * @notice Address of the L2 account which initiated a withdrawal in this transaction. If the
                 *         of this variable is the default L2 sender address, then we are NOT inside of a call
                 *         to finalizeWithdrawalTransaction.
                 */
                address public l2Sender;
                /**
                 * @notice A list of withdrawal hashes which have been successfully finalized.
                 */
                mapping(bytes32 => bool) public finalizedWithdrawals;
                /**
                 * @notice A mapping of withdrawal hashes to `ProvenWithdrawal` data.
                 */
                mapping(bytes32 => ProvenWithdrawal) public provenWithdrawals;
                /**
                 * @notice Determines if cross domain messaging is paused. When set to true,
                 *         withdrawals are paused. This may be removed in the future.
                 */
                bool public paused;
                /**
                 * @notice Emitted when a transaction is deposited from L1 to L2. The parameters of this event
                 *         are read by the rollup node and used to derive deposit transactions on L2.
                 *
                 * @param from       Address that triggered the deposit transaction.
                 * @param to         Address that the deposit transaction is directed to.
                 * @param version    Version of this deposit transaction event.
                 * @param opaqueData ABI encoded deposit data to be parsed off-chain.
                 */
                event TransactionDeposited(
                    address indexed from,
                    address indexed to,
                    uint256 indexed version,
                    bytes opaqueData
                );
                /**
                 * @notice Emitted when a withdrawal transaction is proven.
                 *
                 * @param withdrawalHash Hash of the withdrawal transaction.
                 */
                event WithdrawalProven(
                    bytes32 indexed withdrawalHash,
                    address indexed from,
                    address indexed to
                );
                /**
                 * @notice Emitted when a withdrawal transaction is finalized.
                 *
                 * @param withdrawalHash Hash of the withdrawal transaction.
                 * @param success        Whether the withdrawal transaction was successful.
                 */
                event WithdrawalFinalized(bytes32 indexed withdrawalHash, bool success);
                /**
                 * @notice Emitted when the pause is triggered.
                 *
                 * @param account Address of the account triggering the pause.
                 */
                event Paused(address account);
                /**
                 * @notice Emitted when the pause is lifted.
                 *
                 * @param account Address of the account triggering the unpause.
                 */
                event Unpaused(address account);
                /**
                 * @notice Reverts when paused.
                 */
                modifier whenNotPaused() {
                    require(paused == false, "OptimismPortal: paused");
                    _;
                }
                /**
                 * @custom:semver 1.6.0
                 *
                 * @param _l2Oracle                  Address of the L2OutputOracle contract.
                 * @param _guardian                  Address that can pause deposits and withdrawals.
                 * @param _paused                    Sets the contract's pausability state.
                 * @param _config                    Address of the SystemConfig contract.
                 */
                constructor(
                    L2OutputOracle _l2Oracle,
                    address _guardian,
                    bool _paused,
                    SystemConfig _config
                ) Semver(1, 6, 0) {
                    L2_ORACLE = _l2Oracle;
                    GUARDIAN = _guardian;
                    SYSTEM_CONFIG = _config;
                    initialize(_paused);
                }
                /**
                 * @notice Initializer.
                 */
                function initialize(bool _paused) public initializer {
                    l2Sender = Constants.DEFAULT_L2_SENDER;
                    paused = _paused;
                    __ResourceMetering_init();
                }
                /**
                 * @notice Pause deposits and withdrawals.
                 */
                function pause() external {
                    require(msg.sender == GUARDIAN, "OptimismPortal: only guardian can pause");
                    paused = true;
                    emit Paused(msg.sender);
                }
                /**
                 * @notice Unpause deposits and withdrawals.
                 */
                function unpause() external {
                    require(msg.sender == GUARDIAN, "OptimismPortal: only guardian can unpause");
                    paused = false;
                    emit Unpaused(msg.sender);
                }
                /**
                 * @notice Computes the minimum gas limit for a deposit. The minimum gas limit
                 *         linearly increases based on the size of the calldata. This is to prevent
                 *         users from creating L2 resource usage without paying for it. This function
                 *         can be used when interacting with the portal to ensure forwards compatibility.
                 *
                 */
                function minimumGasLimit(uint64 _byteCount) public pure returns (uint64) {
                    return _byteCount * 16 + 21000;
                }
                /**
                 * @notice Accepts value so that users can send ETH directly to this contract and have the
                 *         funds be deposited to their address on L2. This is intended as a convenience
                 *         function for EOAs. Contracts should call the depositTransaction() function directly
                 *         otherwise any deposited funds will be lost due to address aliasing.
                 */
                // solhint-disable-next-line ordering
                receive() external payable {
                    depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes(""));
                }
                /**
                 * @notice Accepts ETH value without triggering a deposit to L2. This function mainly exists
                 *         for the sake of the migration between the legacy Optimism system and Bedrock.
                 */
                function donateETH() external payable {
                    // Intentionally empty.
                }
                /**
                 * @notice Getter for the resource config. Used internally by the ResourceMetering
                 *         contract. The SystemConfig is the source of truth for the resource config.
                 *
                 * @return ResourceMetering.ResourceConfig
                 */
                function _resourceConfig()
                    internal
                    view
                    override
                    returns (ResourceMetering.ResourceConfig memory)
                {
                    return SYSTEM_CONFIG.resourceConfig();
                }
                /**
                 * @notice Proves a withdrawal transaction.
                 *
                 * @param _tx              Withdrawal transaction to finalize.
                 * @param _l2OutputIndex   L2 output index to prove against.
                 * @param _outputRootProof Inclusion proof of the L2ToL1MessagePasser contract's storage root.
                 * @param _withdrawalProof Inclusion proof of the withdrawal in L2ToL1MessagePasser contract.
                 */
                function proveWithdrawalTransaction(
                    Types.WithdrawalTransaction memory _tx,
                    uint256 _l2OutputIndex,
                    Types.OutputRootProof calldata _outputRootProof,
                    bytes[] calldata _withdrawalProof
                ) external whenNotPaused {
                    // Prevent users from creating a deposit transaction where this address is the message
                    // sender on L2. Because this is checked here, we do not need to check again in
                    // `finalizeWithdrawalTransaction`.
                    require(
                        _tx.target != address(this),
                        "OptimismPortal: you cannot send messages to the portal contract"
                    );
                    // Get the output root and load onto the stack to prevent multiple mloads. This will
                    // revert if there is no output root for the given block number.
                    bytes32 outputRoot = L2_ORACLE.getL2Output(_l2OutputIndex).outputRoot;
                    // Verify that the output root can be generated with the elements in the proof.
                    require(
                        outputRoot == Hashing.hashOutputRootProof(_outputRootProof),
                        "OptimismPortal: invalid output root proof"
                    );
                    // Load the ProvenWithdrawal into memory, using the withdrawal hash as a unique identifier.
                    bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx);
                    ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash];
                    // We generally want to prevent users from proving the same withdrawal multiple times
                    // because each successive proof will update the timestamp. A malicious user can take
                    // advantage of this to prevent other users from finalizing their withdrawal. However,
                    // since withdrawals are proven before an output root is finalized, we need to allow users
                    // to re-prove their withdrawal only in the case that the output root for their specified
                    // output index has been updated.
                    require(
                        provenWithdrawal.timestamp == 0 ||
                            L2_ORACLE.getL2Output(provenWithdrawal.l2OutputIndex).outputRoot !=
                            provenWithdrawal.outputRoot,
                        "OptimismPortal: withdrawal hash has already been proven"
                    );
                    // Compute the storage slot of the withdrawal hash in the L2ToL1MessagePasser contract.
                    // Refer to the Solidity documentation for more information on how storage layouts are
                    // computed for mappings.
                    bytes32 storageKey = keccak256(
                        abi.encode(
                            withdrawalHash,
                            uint256(0) // The withdrawals mapping is at the first slot in the layout.
                        )
                    );
                    // Verify that the hash of this withdrawal was stored in the L2toL1MessagePasser contract
                    // on L2. If this is true, under the assumption that the SecureMerkleTrie does not have
                    // bugs, then we know that this withdrawal was actually triggered on L2 and can therefore
                    // be relayed on L1.
                    require(
                        SecureMerkleTrie.verifyInclusionProof(
                            abi.encode(storageKey),
                            hex"01",
                            _withdrawalProof,
                            _outputRootProof.messagePasserStorageRoot
                        ),
                        "OptimismPortal: invalid withdrawal inclusion proof"
                    );
                    // Designate the withdrawalHash as proven by storing the `outputRoot`, `timestamp`, and
                    // `l2BlockNumber` in the `provenWithdrawals` mapping. A `withdrawalHash` can only be
                    // proven once unless it is submitted again with a different outputRoot.
                    provenWithdrawals[withdrawalHash] = ProvenWithdrawal({
                        outputRoot: outputRoot,
                        timestamp: uint128(block.timestamp),
                        l2OutputIndex: uint128(_l2OutputIndex)
                    });
                    // Emit a `WithdrawalProven` event.
                    emit WithdrawalProven(withdrawalHash, _tx.sender, _tx.target);
                }
                /**
                 * @notice Finalizes a withdrawal transaction.
                 *
                 * @param _tx Withdrawal transaction to finalize.
                 */
                function finalizeWithdrawalTransaction(Types.WithdrawalTransaction memory _tx)
                    external
                    whenNotPaused
                {
                    // Make sure that the l2Sender has not yet been set. The l2Sender is set to a value other
                    // than the default value when a withdrawal transaction is being finalized. This check is
                    // a defacto reentrancy guard.
                    require(
                        l2Sender == Constants.DEFAULT_L2_SENDER,
                        "OptimismPortal: can only trigger one withdrawal per transaction"
                    );
                    // Grab the proven withdrawal from the `provenWithdrawals` map.
                    bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx);
                    ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash];
                    // A withdrawal can only be finalized if it has been proven. We know that a withdrawal has
                    // been proven at least once when its timestamp is non-zero. Unproven withdrawals will have
                    // a timestamp of zero.
                    require(
                        provenWithdrawal.timestamp != 0,
                        "OptimismPortal: withdrawal has not been proven yet"
                    );
                    // As a sanity check, we make sure that the proven withdrawal's timestamp is greater than
                    // starting timestamp inside the L2OutputOracle. Not strictly necessary but extra layer of
                    // safety against weird bugs in the proving step.
                    require(
                        provenWithdrawal.timestamp >= L2_ORACLE.startingTimestamp(),
                        "OptimismPortal: withdrawal timestamp less than L2 Oracle starting timestamp"
                    );
                    // A proven withdrawal must wait at least the finalization period before it can be
                    // finalized. This waiting period can elapse in parallel with the waiting period for the
                    // output the withdrawal was proven against. In effect, this means that the minimum
                    // withdrawal time is proposal submission time + finalization period.
                    require(
                        _isFinalizationPeriodElapsed(provenWithdrawal.timestamp),
                        "OptimismPortal: proven withdrawal finalization period has not elapsed"
                    );
                    // Grab the OutputProposal from the L2OutputOracle, will revert if the output that
                    // corresponds to the given index has not been proposed yet.
                    Types.OutputProposal memory proposal = L2_ORACLE.getL2Output(
                        provenWithdrawal.l2OutputIndex
                    );
                    // Check that the output root that was used to prove the withdrawal is the same as the
                    // current output root for the given output index. An output root may change if it is
                    // deleted by the challenger address and then re-proposed.
                    require(
                        proposal.outputRoot == provenWithdrawal.outputRoot,
                        "OptimismPortal: output root proven is not the same as current output root"
                    );
                    // Check that the output proposal has also been finalized.
                    require(
                        _isFinalizationPeriodElapsed(proposal.timestamp),
                        "OptimismPortal: output proposal finalization period has not elapsed"
                    );
                    // Check that this withdrawal has not already been finalized, this is replay protection.
                    require(
                        finalizedWithdrawals[withdrawalHash] == false,
                        "OptimismPortal: withdrawal has already been finalized"
                    );
                    // Mark the withdrawal as finalized so it can't be replayed.
                    finalizedWithdrawals[withdrawalHash] = true;
                    // Set the l2Sender so contracts know who triggered this withdrawal on L2.
                    l2Sender = _tx.sender;
                    // Trigger the call to the target contract. We use a custom low level method
                    // SafeCall.callWithMinGas to ensure two key properties
                    //   1. Target contracts cannot force this call to run out of gas by returning a very large
                    //      amount of data (and this is OK because we don't care about the returndata here).
                    //   2. The amount of gas provided to the execution context of the target is at least the
                    //      gas limit specified by the user. If there is not enough gas in the current context
                    //      to accomplish this, `callWithMinGas` will revert.
                    bool success = SafeCall.callWithMinGas(_tx.target, _tx.gasLimit, _tx.value, _tx.data);
                    // Reset the l2Sender back to the default value.
                    l2Sender = Constants.DEFAULT_L2_SENDER;
                    // All withdrawals are immediately finalized. Replayability can
                    // be achieved through contracts built on top of this contract
                    emit WithdrawalFinalized(withdrawalHash, success);
                    // Reverting here is useful for determining the exact gas cost to successfully execute the
                    // sub call to the target contract if the minimum gas limit specified by the user would not
                    // be sufficient to execute the sub call.
                    if (success == false && tx.origin == Constants.ESTIMATION_ADDRESS) {
                        revert("OptimismPortal: withdrawal failed");
                    }
                }
                /**
                 * @notice Accepts deposits of ETH and data, and emits a TransactionDeposited event for use in
                 *         deriving deposit transactions. Note that if a deposit is made by a contract, its
                 *         address will be aliased when retrieved using `tx.origin` or `msg.sender`. Consider
                 *         using the CrossDomainMessenger contracts for a simpler developer experience.
                 *
                 * @param _to         Target address on L2.
                 * @param _value      ETH value to send to the recipient.
                 * @param _gasLimit   Minimum L2 gas limit (can be greater than or equal to this value).
                 * @param _isCreation Whether or not the transaction is a contract creation.
                 * @param _data       Data to trigger the recipient with.
                 */
                function depositTransaction(
                    address _to,
                    uint256 _value,
                    uint64 _gasLimit,
                    bool _isCreation,
                    bytes memory _data
                ) public payable metered(_gasLimit) {
                    // Just to be safe, make sure that people specify address(0) as the target when doing
                    // contract creations.
                    if (_isCreation) {
                        require(
                            _to == address(0),
                            "OptimismPortal: must send to address(0) when creating a contract"
                        );
                    }
                    // Prevent depositing transactions that have too small of a gas limit. Users should pay
                    // more for more resource usage.
                    require(
                        _gasLimit >= minimumGasLimit(uint64(_data.length)),
                        "OptimismPortal: gas limit too small"
                    );
                    // Prevent the creation of deposit transactions that have too much calldata. This gives an
                    // upper limit on the size of unsafe blocks over the p2p network. 120kb is chosen to ensure
                    // that the transaction can fit into the p2p network policy of 128kb even though deposit
                    // transactions are not gossipped over the p2p network.
                    require(_data.length <= 120_000, "OptimismPortal: data too large");
                    // Transform the from-address to its alias if the caller is a contract.
                    address from = msg.sender;
                    if (msg.sender != tx.origin) {
                        from = AddressAliasHelper.applyL1ToL2Alias(msg.sender);
                    }
                    // Compute the opaque data that will be emitted as part of the TransactionDeposited event.
                    // We use opaque data so that we can update the TransactionDeposited event in the future
                    // without breaking the current interface.
                    bytes memory opaqueData = abi.encodePacked(
                        msg.value,
                        _value,
                        _gasLimit,
                        _isCreation,
                        _data
                    );
                    // Emit a TransactionDeposited event so that the rollup node can derive a deposit
                    // transaction for this deposit.
                    emit TransactionDeposited(from, _to, DEPOSIT_VERSION, opaqueData);
                }
                /**
                 * @notice Determine if a given output is finalized. Reverts if the call to
                 *         L2_ORACLE.getL2Output reverts. Returns a boolean otherwise.
                 *
                 * @param _l2OutputIndex Index of the L2 output to check.
                 *
                 * @return Whether or not the output is finalized.
                 */
                function isOutputFinalized(uint256 _l2OutputIndex) external view returns (bool) {
                    return _isFinalizationPeriodElapsed(L2_ORACLE.getL2Output(_l2OutputIndex).timestamp);
                }
                /**
                 * @notice Determines whether the finalization period has elapsed w/r/t a given timestamp.
                 *
                 * @param _timestamp Timestamp to check.
                 *
                 * @return Whether or not the finalization period has elapsed.
                 */
                function _isFinalizationPeriodElapsed(uint256 _timestamp) internal view returns (bool) {
                    return block.timestamp > _timestamp + L2_ORACLE.FINALIZATION_PERIOD_SECONDS();
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { Math } from "@openzeppelin/contracts/utils/math/Math.sol";
            import { Burn } from "../libraries/Burn.sol";
            import { Arithmetic } from "../libraries/Arithmetic.sol";
            /**
             * @custom:upgradeable
             * @title ResourceMetering
             * @notice ResourceMetering implements an EIP-1559 style resource metering system where pricing
             *         updates automatically based on current demand.
             */
            abstract contract ResourceMetering is Initializable {
                /**
                 * @notice Represents the various parameters that control the way in which resources are
                 *         metered. Corresponds to the EIP-1559 resource metering system.
                 *
                 * @custom:field prevBaseFee   Base fee from the previous block(s).
                 * @custom:field prevBoughtGas Amount of gas bought so far in the current block.
                 * @custom:field prevBlockNum  Last block number that the base fee was updated.
                 */
                struct ResourceParams {
                    uint128 prevBaseFee;
                    uint64 prevBoughtGas;
                    uint64 prevBlockNum;
                }
                /**
                 * @notice Represents the configuration for the EIP-1559 based curve for the deposit gas
                 *         market. These values should be set with care as it is possible to set them in
                 *         a way that breaks the deposit gas market. The target resource limit is defined as
                 *         maxResourceLimit / elasticityMultiplier. This struct was designed to fit within a
                 *         single word. There is additional space for additions in the future.
                 *
                 * @custom:field maxResourceLimit             Represents the maximum amount of deposit gas that
                 *                                            can be purchased per block.
                 * @custom:field elasticityMultiplier         Determines the target resource limit along with
                 *                                            the resource limit.
                 * @custom:field baseFeeMaxChangeDenominator  Determines max change on fee per block.
                 * @custom:field minimumBaseFee               The min deposit base fee, it is clamped to this
                 *                                            value.
                 * @custom:field systemTxMaxGas               The amount of gas supplied to the system
                 *                                            transaction. This should be set to the same number
                 *                                            that the op-node sets as the gas limit for the
                 *                                            system transaction.
                 * @custom:field maximumBaseFee               The max deposit base fee, it is clamped to this
                 *                                            value.
                 */
                struct ResourceConfig {
                    uint32 maxResourceLimit;
                    uint8 elasticityMultiplier;
                    uint8 baseFeeMaxChangeDenominator;
                    uint32 minimumBaseFee;
                    uint32 systemTxMaxGas;
                    uint128 maximumBaseFee;
                }
                /**
                 * @notice EIP-1559 style gas parameters.
                 */
                ResourceParams public params;
                /**
                 * @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades.
                 */
                uint256[48] private __gap;
                /**
                 * @notice Meters access to a function based an amount of a requested resource.
                 *
                 * @param _amount Amount of the resource requested.
                 */
                modifier metered(uint64 _amount) {
                    // Record initial gas amount so we can refund for it later.
                    uint256 initialGas = gasleft();
                    // Run the underlying function.
                    _;
                    // Run the metering function.
                    _metered(_amount, initialGas);
                }
                /**
                 * @notice An internal function that holds all of the logic for metering a resource.
                 *
                 * @param _amount     Amount of the resource requested.
                 * @param _initialGas The amount of gas before any modifier execution.
                 */
                function _metered(uint64 _amount, uint256 _initialGas) internal {
                    // Update block number and base fee if necessary.
                    uint256 blockDiff = block.number - params.prevBlockNum;
                    ResourceConfig memory config = _resourceConfig();
                    int256 targetResourceLimit = int256(uint256(config.maxResourceLimit)) /
                        int256(uint256(config.elasticityMultiplier));
                    if (blockDiff > 0) {
                        // Handle updating EIP-1559 style gas parameters. We use EIP-1559 to restrict the rate
                        // at which deposits can be created and therefore limit the potential for deposits to
                        // spam the L2 system. Fee scheme is very similar to EIP-1559 with minor changes.
                        int256 gasUsedDelta = int256(uint256(params.prevBoughtGas)) - targetResourceLimit;
                        int256 baseFeeDelta = (int256(uint256(params.prevBaseFee)) * gasUsedDelta) /
                            (targetResourceLimit * int256(uint256(config.baseFeeMaxChangeDenominator)));
                        // Update base fee by adding the base fee delta and clamp the resulting value between
                        // min and max.
                        int256 newBaseFee = Arithmetic.clamp({
                            _value: int256(uint256(params.prevBaseFee)) + baseFeeDelta,
                            _min: int256(uint256(config.minimumBaseFee)),
                            _max: int256(uint256(config.maximumBaseFee))
                        });
                        // If we skipped more than one block, we also need to account for every empty block.
                        // Empty block means there was no demand for deposits in that block, so we should
                        // reflect this lack of demand in the fee.
                        if (blockDiff > 1) {
                            // Update the base fee by repeatedly applying the exponent 1-(1/change_denominator)
                            // blockDiff - 1 times. Simulates multiple empty blocks. Clamp the resulting value
                            // between min and max.
                            newBaseFee = Arithmetic.clamp({
                                _value: Arithmetic.cdexp({
                                    _coefficient: newBaseFee,
                                    _denominator: int256(uint256(config.baseFeeMaxChangeDenominator)),
                                    _exponent: int256(blockDiff - 1)
                                }),
                                _min: int256(uint256(config.minimumBaseFee)),
                                _max: int256(uint256(config.maximumBaseFee))
                            });
                        }
                        // Update new base fee, reset bought gas, and update block number.
                        params.prevBaseFee = uint128(uint256(newBaseFee));
                        params.prevBoughtGas = 0;
                        params.prevBlockNum = uint64(block.number);
                    }
                    // Make sure we can actually buy the resource amount requested by the user.
                    params.prevBoughtGas += _amount;
                    require(
                        int256(uint256(params.prevBoughtGas)) <= int256(uint256(config.maxResourceLimit)),
                        "ResourceMetering: cannot buy more gas than available gas limit"
                    );
                    // Determine the amount of ETH to be paid.
                    uint256 resourceCost = uint256(_amount) * uint256(params.prevBaseFee);
                    // We currently charge for this ETH amount as an L1 gas burn, so we convert the ETH amount
                    // into gas by dividing by the L1 base fee. We assume a minimum base fee of 1 gwei to avoid
                    // division by zero for L1s that don't support 1559 or to avoid excessive gas burns during
                    // periods of extremely low L1 demand. One-day average gas fee hasn't dipped below 1 gwei
                    // during any 1 day period in the last 5 years, so should be fine.
                    uint256 gasCost = resourceCost / Math.max(block.basefee, 1 gwei);
                    // Give the user a refund based on the amount of gas they used to do all of the work up to
                    // this point. Since we're at the end of the modifier, this should be pretty accurate. Acts
                    // effectively like a dynamic stipend (with a minimum value).
                    uint256 usedGas = _initialGas - gasleft();
                    if (gasCost > usedGas) {
                        Burn.gas(gasCost - usedGas);
                    }
                }
                /**
                 * @notice Virtual function that returns the resource config. Contracts that inherit this
                 *         contract must implement this function.
                 *
                 * @return ResourceConfig
                 */
                function _resourceConfig() internal virtual returns (ResourceConfig memory);
                /**
                 * @notice Sets initial resource parameter values. This function must either be called by the
                 *         initializer function of an upgradeable child contract.
                 */
                // solhint-disable-next-line func-name-mixedcase
                function __ResourceMetering_init() internal onlyInitializing {
                    params = ResourceParams({
                        prevBaseFee: 1 gwei,
                        prevBoughtGas: 0,
                        prevBlockNum: uint64(block.number)
                    });
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import {
                OwnableUpgradeable
            } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
            import { Semver } from "../universal/Semver.sol";
            import { ResourceMetering } from "./ResourceMetering.sol";
            /**
             * @title SystemConfig
             * @notice The SystemConfig contract is used to manage configuration of an Optimism network. All
             *         configuration is stored on L1 and picked up by L2 as part of the derviation of the L2
             *         chain.
             */
            contract SystemConfig is OwnableUpgradeable, Semver {
                /**
                 * @notice Enum representing different types of updates.
                 *
                 * @custom:value BATCHER              Represents an update to the batcher hash.
                 * @custom:value GAS_CONFIG           Represents an update to txn fee config on L2.
                 * @custom:value GAS_LIMIT            Represents an update to gas limit on L2.
                 * @custom:value UNSAFE_BLOCK_SIGNER  Represents an update to the signer key for unsafe
                 *                                    block distrubution.
                 */
                enum UpdateType {
                    BATCHER,
                    GAS_CONFIG,
                    GAS_LIMIT,
                    UNSAFE_BLOCK_SIGNER
                }
                /**
                 * @notice Version identifier, used for upgrades.
                 */
                uint256 public constant VERSION = 0;
                /**
                 * @notice Storage slot that the unsafe block signer is stored at. Storing it at this
                 *         deterministic storage slot allows for decoupling the storage layout from the way
                 *         that `solc` lays out storage. The `op-node` uses a storage proof to fetch this value.
                 */
                bytes32 public constant UNSAFE_BLOCK_SIGNER_SLOT = keccak256("systemconfig.unsafeblocksigner");
                /**
                 * @notice Fixed L2 gas overhead. Used as part of the L2 fee calculation.
                 */
                uint256 public overhead;
                /**
                 * @notice Dynamic L2 gas overhead. Used as part of the L2 fee calculation.
                 */
                uint256 public scalar;
                /**
                 * @notice Identifier for the batcher. For version 1 of this configuration, this is represented
                 *         as an address left-padded with zeros to 32 bytes.
                 */
                bytes32 public batcherHash;
                /**
                 * @notice L2 block gas limit.
                 */
                uint64 public gasLimit;
                /**
                 * @notice The configuration for the deposit fee market. Used by the OptimismPortal
                 *         to meter the cost of buying L2 gas on L1. Set as internal and wrapped with a getter
                 *         so that the struct is returned instead of a tuple.
                 */
                ResourceMetering.ResourceConfig internal _resourceConfig;
                /**
                 * @notice Emitted when configuration is updated
                 *
                 * @param version    SystemConfig version.
                 * @param updateType Type of update.
                 * @param data       Encoded update data.
                 */
                event ConfigUpdate(uint256 indexed version, UpdateType indexed updateType, bytes data);
                /**
                 * @custom:semver 1.3.0
                 *
                 * @param _owner             Initial owner of the contract.
                 * @param _overhead          Initial overhead value.
                 * @param _scalar            Initial scalar value.
                 * @param _batcherHash       Initial batcher hash.
                 * @param _gasLimit          Initial gas limit.
                 * @param _unsafeBlockSigner Initial unsafe block signer address.
                 * @param _config            Initial resource config.
                 */
                constructor(
                    address _owner,
                    uint256 _overhead,
                    uint256 _scalar,
                    bytes32 _batcherHash,
                    uint64 _gasLimit,
                    address _unsafeBlockSigner,
                    ResourceMetering.ResourceConfig memory _config
                ) Semver(1, 3, 0) {
                    initialize({
                        _owner: _owner,
                        _overhead: _overhead,
                        _scalar: _scalar,
                        _batcherHash: _batcherHash,
                        _gasLimit: _gasLimit,
                        _unsafeBlockSigner: _unsafeBlockSigner,
                        _config: _config
                    });
                }
                /**
                 * @notice Initializer. The resource config must be set before the
                 *         require check.
                 *
                 * @param _owner             Initial owner of the contract.
                 * @param _overhead          Initial overhead value.
                 * @param _scalar            Initial scalar value.
                 * @param _batcherHash       Initial batcher hash.
                 * @param _gasLimit          Initial gas limit.
                 * @param _unsafeBlockSigner Initial unsafe block signer address.
                 * @param _config            Initial ResourceConfig.
                 */
                function initialize(
                    address _owner,
                    uint256 _overhead,
                    uint256 _scalar,
                    bytes32 _batcherHash,
                    uint64 _gasLimit,
                    address _unsafeBlockSigner,
                    ResourceMetering.ResourceConfig memory _config
                ) public initializer {
                    __Ownable_init();
                    transferOwnership(_owner);
                    overhead = _overhead;
                    scalar = _scalar;
                    batcherHash = _batcherHash;
                    gasLimit = _gasLimit;
                    _setUnsafeBlockSigner(_unsafeBlockSigner);
                    _setResourceConfig(_config);
                    require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low");
                }
                /**
                 * @notice Returns the minimum L2 gas limit that can be safely set for the system to
                 *         operate. The L2 gas limit must be larger than or equal to the amount of
                 *         gas that is allocated for deposits per block plus the amount of gas that
                 *         is allocated for the system transaction.
                 *         This function is used to determine if changes to parameters are safe.
                 *
                 * @return uint64
                 */
                function minimumGasLimit() public view returns (uint64) {
                    return uint64(_resourceConfig.maxResourceLimit) + uint64(_resourceConfig.systemTxMaxGas);
                }
                /**
                 * @notice High level getter for the unsafe block signer address. Unsafe blocks can be
                 *         propagated across the p2p network if they are signed by the key corresponding to
                 *         this address.
                 *
                 * @return Address of the unsafe block signer.
                 */
                // solhint-disable-next-line ordering
                function unsafeBlockSigner() external view returns (address) {
                    address addr;
                    bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT;
                    assembly {
                        addr := sload(slot)
                    }
                    return addr;
                }
                /**
                 * @notice Updates the unsafe block signer address.
                 *
                 * @param _unsafeBlockSigner New unsafe block signer address.
                 */
                function setUnsafeBlockSigner(address _unsafeBlockSigner) external onlyOwner {
                    _setUnsafeBlockSigner(_unsafeBlockSigner);
                    bytes memory data = abi.encode(_unsafeBlockSigner);
                    emit ConfigUpdate(VERSION, UpdateType.UNSAFE_BLOCK_SIGNER, data);
                }
                /**
                 * @notice Updates the batcher hash.
                 *
                 * @param _batcherHash New batcher hash.
                 */
                function setBatcherHash(bytes32 _batcherHash) external onlyOwner {
                    batcherHash = _batcherHash;
                    bytes memory data = abi.encode(_batcherHash);
                    emit ConfigUpdate(VERSION, UpdateType.BATCHER, data);
                }
                /**
                 * @notice Updates gas config.
                 *
                 * @param _overhead New overhead value.
                 * @param _scalar   New scalar value.
                 */
                function setGasConfig(uint256 _overhead, uint256 _scalar) external onlyOwner {
                    overhead = _overhead;
                    scalar = _scalar;
                    bytes memory data = abi.encode(_overhead, _scalar);
                    emit ConfigUpdate(VERSION, UpdateType.GAS_CONFIG, data);
                }
                /**
                 * @notice Updates the L2 gas limit.
                 *
                 * @param _gasLimit New gas limit.
                 */
                function setGasLimit(uint64 _gasLimit) external onlyOwner {
                    require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low");
                    gasLimit = _gasLimit;
                    bytes memory data = abi.encode(_gasLimit);
                    emit ConfigUpdate(VERSION, UpdateType.GAS_LIMIT, data);
                }
                /**
                 * @notice Low level setter for the unsafe block signer address. This function exists to
                 *         deduplicate code around storing the unsafeBlockSigner address in storage.
                 *
                 * @param _unsafeBlockSigner New unsafeBlockSigner value.
                 */
                function _setUnsafeBlockSigner(address _unsafeBlockSigner) internal {
                    bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT;
                    assembly {
                        sstore(slot, _unsafeBlockSigner)
                    }
                }
                /**
                 * @notice A getter for the resource config. Ensures that the struct is
                 *         returned instead of a tuple.
                 *
                 * @return ResourceConfig
                 */
                function resourceConfig() external view returns (ResourceMetering.ResourceConfig memory) {
                    return _resourceConfig;
                }
                /**
                 * @notice An external setter for the resource config. In the future, this
                 *         method may emit an event that the `op-node` picks up for when the
                 *         resource config is changed.
                 *
                 * @param _config The new resource config values.
                 */
                function setResourceConfig(ResourceMetering.ResourceConfig memory _config) external onlyOwner {
                    _setResourceConfig(_config);
                }
                /**
                 * @notice An internal setter for the resource config. Ensures that the
                 *         config is sane before storing it by checking for invariants.
                 *
                 * @param _config The new resource config.
                 */
                function _setResourceConfig(ResourceMetering.ResourceConfig memory _config) internal {
                    // Min base fee must be less than or equal to max base fee.
                    require(
                        _config.minimumBaseFee <= _config.maximumBaseFee,
                        "SystemConfig: min base fee must be less than max base"
                    );
                    // Base fee change denominator must be greater than 1.
                    require(
                        _config.baseFeeMaxChangeDenominator > 1,
                        "SystemConfig: denominator must be larger than 1"
                    );
                    // Max resource limit plus system tx gas must be less than or equal to the L2 gas limit.
                    // The gas limit must be increased before these values can be increased.
                    require(
                        _config.maxResourceLimit + _config.systemTxMaxGas <= gasLimit,
                        "SystemConfig: gas limit too low"
                    );
                    // Elasticity multiplier must be greater than 0.
                    require(
                        _config.elasticityMultiplier > 0,
                        "SystemConfig: elasticity multiplier cannot be 0"
                    );
                    // No precision loss when computing target resource limit.
                    require(
                        ((_config.maxResourceLimit / _config.elasticityMultiplier) *
                            _config.elasticityMultiplier) == _config.maxResourceLimit,
                        "SystemConfig: precision loss with target resource limit"
                    );
                    _resourceConfig = _config;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { SignedMath } from "@openzeppelin/contracts/utils/math/SignedMath.sol";
            import { FixedPointMathLib } from "@rari-capital/solmate/src/utils/FixedPointMathLib.sol";
            /**
             * @title Arithmetic
             * @notice Even more math than before.
             */
            library Arithmetic {
                /**
                 * @notice Clamps a value between a minimum and maximum.
                 *
                 * @param _value The value to clamp.
                 * @param _min   The minimum value.
                 * @param _max   The maximum value.
                 *
                 * @return The clamped value.
                 */
                function clamp(
                    int256 _value,
                    int256 _min,
                    int256 _max
                ) internal pure returns (int256) {
                    return SignedMath.min(SignedMath.max(_value, _min), _max);
                }
                /**
                 * @notice (c)oefficient (d)enominator (exp)onentiation function.
                 *         Returns the result of: c * (1 - 1/d)^exp.
                 *
                 * @param _coefficient Coefficient of the function.
                 * @param _denominator Fractional denominator.
                 * @param _exponent    Power function exponent.
                 *
                 * @return Result of c * (1 - 1/d)^exp.
                 */
                function cdexp(
                    int256 _coefficient,
                    int256 _denominator,
                    int256 _exponent
                ) internal pure returns (int256) {
                    return
                        (_coefficient *
                            (FixedPointMathLib.powWad(1e18 - (1e18 / _denominator), _exponent * 1e18))) / 1e18;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title Burn
             * @notice Utilities for burning stuff.
             */
            library Burn {
                /**
                 * Burns a given amount of ETH.
                 *
                 * @param _amount Amount of ETH to burn.
                 */
                function eth(uint256 _amount) internal {
                    new Burner{ value: _amount }();
                }
                /**
                 * Burns a given amount of gas.
                 *
                 * @param _amount Amount of gas to burn.
                 */
                function gas(uint256 _amount) internal view {
                    uint256 i = 0;
                    uint256 initialGas = gasleft();
                    while (initialGas - gasleft() < _amount) {
                        ++i;
                    }
                }
            }
            /**
             * @title Burner
             * @notice Burner self-destructs on creation and sends all ETH to itself, removing all ETH given to
             *         the contract from the circulating supply. Self-destructing is the only way to remove ETH
             *         from the circulating supply.
             */
            contract Burner {
                constructor() payable {
                    selfdestruct(payable(address(this)));
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @title Bytes
             * @notice Bytes is a library for manipulating byte arrays.
             */
            library Bytes {
                /**
                 * @custom:attribution https://github.com/GNSPS/solidity-bytes-utils
                 * @notice Slices a byte array with a given starting index and length. Returns a new byte array
                 *         as opposed to a pointer to the original array. Will throw if trying to slice more
                 *         bytes than exist in the array.
                 *
                 * @param _bytes Byte array to slice.
                 * @param _start Starting index of the slice.
                 * @param _length Length of the slice.
                 *
                 * @return Slice of the input byte array.
                 */
                function slice(
                    bytes memory _bytes,
                    uint256 _start,
                    uint256 _length
                ) internal pure returns (bytes memory) {
                    unchecked {
                        require(_length + 31 >= _length, "slice_overflow");
                        require(_start + _length >= _start, "slice_overflow");
                        require(_bytes.length >= _start + _length, "slice_outOfBounds");
                    }
                    bytes memory tempBytes;
                    assembly {
                        switch iszero(_length)
                        case 0 {
                            // Get a location of some free memory and store it in tempBytes as
                            // Solidity does for memory variables.
                            tempBytes := mload(0x40)
                            // The first word of the slice result is potentially a partial
                            // word read from the original array. To read it, we calculate
                            // the length of that partial word and start copying that many
                            // bytes into the array. The first word we copy will start with
                            // data we don't care about, but the last `lengthmod` bytes will
                            // land at the beginning of the contents of the new array. When
                            // we're done copying, we overwrite the full first word with
                            // the actual length of the slice.
                            let lengthmod := and(_length, 31)
                            // The multiplication in the next line is necessary
                            // because when slicing multiples of 32 bytes (lengthmod == 0)
                            // the following copy loop was copying the origin's length
                            // and then ending prematurely not copying everything it should.
                            let mc := add(add(tempBytes, lengthmod), mul(0x20, iszero(lengthmod)))
                            let end := add(mc, _length)
                            for {
                                // The multiplication in the next line has the same exact purpose
                                // as the one above.
                                let cc := add(add(add(_bytes, lengthmod), mul(0x20, iszero(lengthmod))), _start)
                            } lt(mc, end) {
                                mc := add(mc, 0x20)
                                cc := add(cc, 0x20)
                            } {
                                mstore(mc, mload(cc))
                            }
                            mstore(tempBytes, _length)
                            //update free-memory pointer
                            //allocating the array padded to 32 bytes like the compiler does now
                            mstore(0x40, and(add(mc, 31), not(31)))
                        }
                        //if we want a zero-length slice let's just return a zero-length array
                        default {
                            tempBytes := mload(0x40)
                            //zero out the 32 bytes slice we are about to return
                            //we need to do it because Solidity does not garbage collect
                            mstore(tempBytes, 0)
                            mstore(0x40, add(tempBytes, 0x20))
                        }
                    }
                    return tempBytes;
                }
                /**
                 * @notice Slices a byte array with a given starting index up to the end of the original byte
                 *         array. Returns a new array rathern than a pointer to the original.
                 *
                 * @param _bytes Byte array to slice.
                 * @param _start Starting index of the slice.
                 *
                 * @return Slice of the input byte array.
                 */
                function slice(bytes memory _bytes, uint256 _start) internal pure returns (bytes memory) {
                    if (_start >= _bytes.length) {
                        return bytes("");
                    }
                    return slice(_bytes, _start, _bytes.length - _start);
                }
                /**
                 * @notice Converts a byte array into a nibble array by splitting each byte into two nibbles.
                 *         Resulting nibble array will be exactly twice as long as the input byte array.
                 *
                 * @param _bytes Input byte array to convert.
                 *
                 * @return Resulting nibble array.
                 */
                function toNibbles(bytes memory _bytes) internal pure returns (bytes memory) {
                    uint256 bytesLength = _bytes.length;
                    bytes memory nibbles = new bytes(bytesLength * 2);
                    bytes1 b;
                    for (uint256 i = 0; i < bytesLength; ) {
                        b = _bytes[i];
                        nibbles[i * 2] = b >> 4;
                        nibbles[i * 2 + 1] = b & 0x0f;
                        unchecked {
                            ++i;
                        }
                    }
                    return nibbles;
                }
                /**
                 * @notice Compares two byte arrays by comparing their keccak256 hashes.
                 *
                 * @param _bytes First byte array to compare.
                 * @param _other Second byte array to compare.
                 *
                 * @return True if the two byte arrays are equal, false otherwise.
                 */
                function equal(bytes memory _bytes, bytes memory _other) internal pure returns (bool) {
                    return keccak256(_bytes) == keccak256(_other);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { ResourceMetering } from "../L1/ResourceMetering.sol";
            /**
             * @title Constants
             * @notice Constants is a library for storing constants. Simple! Don't put everything in here, just
             *         the stuff used in multiple contracts. Constants that only apply to a single contract
             *         should be defined in that contract instead.
             */
            library Constants {
                /**
                 * @notice Special address to be used as the tx origin for gas estimation calls in the
                 *         OptimismPortal and CrossDomainMessenger calls. You only need to use this address if
                 *         the minimum gas limit specified by the user is not actually enough to execute the
                 *         given message and you're attempting to estimate the actual necessary gas limit. We
                 *         use address(1) because it's the ecrecover precompile and therefore guaranteed to
                 *         never have any code on any EVM chain.
                 */
                address internal constant ESTIMATION_ADDRESS = address(1);
                /**
                 * @notice Value used for the L2 sender storage slot in both the OptimismPortal and the
                 *         CrossDomainMessenger contracts before an actual sender is set. This value is
                 *         non-zero to reduce the gas cost of message passing transactions.
                 */
                address internal constant DEFAULT_L2_SENDER = 0x000000000000000000000000000000000000dEaD;
                /**
                 * @notice Returns the default values for the ResourceConfig. These are the recommended values
                 *         for a production network.
                 */
                function DEFAULT_RESOURCE_CONFIG()
                    internal
                    pure
                    returns (ResourceMetering.ResourceConfig memory)
                {
                    ResourceMetering.ResourceConfig memory config = ResourceMetering.ResourceConfig({
                        maxResourceLimit: 20_000_000,
                        elasticityMultiplier: 10,
                        baseFeeMaxChangeDenominator: 8,
                        minimumBaseFee: 1 gwei,
                        systemTxMaxGas: 1_000_000,
                        maximumBaseFee: type(uint128).max
                    });
                    return config;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Hashing } from "./Hashing.sol";
            import { RLPWriter } from "./rlp/RLPWriter.sol";
            /**
             * @title Encoding
             * @notice Encoding handles Optimism's various different encoding schemes.
             */
            library Encoding {
                /**
                 * @notice RLP encodes the L2 transaction that would be generated when a given deposit is sent
                 *         to the L2 system. Useful for searching for a deposit in the L2 system. The
                 *         transaction is prefixed with 0x7e to identify its EIP-2718 type.
                 *
                 * @param _tx User deposit transaction to encode.
                 *
                 * @return RLP encoded L2 deposit transaction.
                 */
                function encodeDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes memory)
                {
                    bytes32 source = Hashing.hashDepositSource(_tx.l1BlockHash, _tx.logIndex);
                    bytes[] memory raw = new bytes[](8);
                    raw[0] = RLPWriter.writeBytes(abi.encodePacked(source));
                    raw[1] = RLPWriter.writeAddress(_tx.from);
                    raw[2] = _tx.isCreation ? RLPWriter.writeBytes("") : RLPWriter.writeAddress(_tx.to);
                    raw[3] = RLPWriter.writeUint(_tx.mint);
                    raw[4] = RLPWriter.writeUint(_tx.value);
                    raw[5] = RLPWriter.writeUint(uint256(_tx.gasLimit));
                    raw[6] = RLPWriter.writeBool(false);
                    raw[7] = RLPWriter.writeBytes(_tx.data);
                    return abi.encodePacked(uint8(0x7e), RLPWriter.writeList(raw));
                }
                /**
                 * @notice Encodes the cross domain message based on the version that is encoded into the
                 *         message nonce.
                 *
                 * @param _nonce    Message nonce with version encoded into the first two bytes.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    (, uint16 version) = decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return encodeCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return encodeCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Encoding: unknown cross domain message version");
                    }
                }
                /**
                 * @notice Encodes a cross domain message based on the V0 (legacy) encoding.
                 *
                 * @param _target Address of the target of the message.
                 * @param _sender Address of the sender of the message.
                 * @param _data   Data to send with the message.
                 * @param _nonce  Message nonce.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(address,address,bytes,uint256)",
                            _target,
                            _sender,
                            _data,
                            _nonce
                        );
                }
                /**
                 * @notice Encodes a cross domain message based on the V1 (current) encoding.
                 *
                 * @param _nonce    Message nonce.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Encoded cross domain message.
                 */
                function encodeCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(uint256,address,address,uint256,uint256,bytes)",
                            _nonce,
                            _sender,
                            _target,
                            _value,
                            _gasLimit,
                            _data
                        );
                }
                /**
                 * @notice Adds a version number into the first two bytes of a message nonce.
                 *
                 * @param _nonce   Message nonce to encode into.
                 * @param _version Version number to encode into the message nonce.
                 *
                 * @return Message nonce with version encoded into the first two bytes.
                 */
                function encodeVersionedNonce(uint240 _nonce, uint16 _version) internal pure returns (uint256) {
                    uint256 nonce;
                    assembly {
                        nonce := or(shl(240, _version), _nonce)
                    }
                    return nonce;
                }
                /**
                 * @notice Pulls the version out of a version-encoded nonce.
                 *
                 * @param _nonce Message nonce with version encoded into the first two bytes.
                 *
                 * @return Nonce without encoded version.
                 * @return Version of the message.
                 */
                function decodeVersionedNonce(uint256 _nonce) internal pure returns (uint240, uint16) {
                    uint240 nonce;
                    uint16 version;
                    assembly {
                        nonce := and(_nonce, 0x0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)
                        version := shr(240, _nonce)
                    }
                    return (nonce, version);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Encoding } from "./Encoding.sol";
            /**
             * @title Hashing
             * @notice Hashing handles Optimism's various different hashing schemes.
             */
            library Hashing {
                /**
                 * @notice Computes the hash of the RLP encoded L2 transaction that would be generated when a
                 *         given deposit is sent to the L2 system. Useful for searching for a deposit in the L2
                 *         system.
                 *
                 * @param _tx User deposit transaction to hash.
                 *
                 * @return Hash of the RLP encoded L2 deposit transaction.
                 */
                function hashDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return keccak256(Encoding.encodeDepositTransaction(_tx));
                }
                /**
                 * @notice Computes the deposit transaction's "source hash", a value that guarantees the hash
                 *         of the L2 transaction that corresponds to a deposit is unique and is
                 *         deterministically generated from L1 transaction data.
                 *
                 * @param _l1BlockHash Hash of the L1 block where the deposit was included.
                 * @param _logIndex    The index of the log that created the deposit transaction.
                 *
                 * @return Hash of the deposit transaction's "source hash".
                 */
                function hashDepositSource(bytes32 _l1BlockHash, uint256 _logIndex)
                    internal
                    pure
                    returns (bytes32)
                {
                    bytes32 depositId = keccak256(abi.encode(_l1BlockHash, _logIndex));
                    return keccak256(abi.encode(bytes32(0), depositId));
                }
                /**
                 * @notice Hashes the cross domain message based on the version that is encoded into the
                 *         message nonce.
                 *
                 * @param _nonce    Message nonce with version encoded into the first two bytes.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    (, uint16 version) = Encoding.decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return hashCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return hashCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Hashing: unknown cross domain message version");
                    }
                }
                /**
                 * @notice Hashes a cross domain message based on the V0 (legacy) encoding.
                 *
                 * @param _target Address of the target of the message.
                 * @param _sender Address of the sender of the message.
                 * @param _data   Data to send with the message.
                 * @param _nonce  Message nonce.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes32) {
                    return keccak256(Encoding.encodeCrossDomainMessageV0(_target, _sender, _data, _nonce));
                }
                /**
                 * @notice Hashes a cross domain message based on the V1 (current) encoding.
                 *
                 * @param _nonce    Message nonce.
                 * @param _sender   Address of the sender of the message.
                 * @param _target   Address of the target of the message.
                 * @param _value    ETH value to send to the target.
                 * @param _gasLimit Gas limit to use for the message.
                 * @param _data     Data to send with the message.
                 *
                 * @return Hashed cross domain message.
                 */
                function hashCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    return
                        keccak256(
                            Encoding.encodeCrossDomainMessageV1(
                                _nonce,
                                _sender,
                                _target,
                                _value,
                                _gasLimit,
                                _data
                            )
                        );
                }
                /**
                 * @notice Derives the withdrawal hash according to the encoding in the L2 Withdrawer contract
                 *
                 * @param _tx Withdrawal transaction to hash.
                 *
                 * @return Hashed withdrawal transaction.
                 */
                function hashWithdrawal(Types.WithdrawalTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(_tx.nonce, _tx.sender, _tx.target, _tx.value, _tx.gasLimit, _tx.data)
                        );
                }
                /**
                 * @notice Hashes the various elements of an output root proof into an output root hash which
                 *         can be used to check if the proof is valid.
                 *
                 * @param _outputRootProof Output root proof which should hash to an output root.
                 *
                 * @return Hashed output root proof.
                 */
                function hashOutputRootProof(Types.OutputRootProof memory _outputRootProof)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(
                                _outputRootProof.version,
                                _outputRootProof.stateRoot,
                                _outputRootProof.messagePasserStorageRoot,
                                _outputRootProof.latestBlockhash
                            )
                        );
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @title Predeploys
             * @notice Contains constant addresses for contracts that are pre-deployed to the L2 system.
             */
            library Predeploys {
                /**
                 * @notice Address of the L2ToL1MessagePasser predeploy.
                 */
                address internal constant L2_TO_L1_MESSAGE_PASSER = 0x4200000000000000000000000000000000000016;
                /**
                 * @notice Address of the L2CrossDomainMessenger predeploy.
                 */
                address internal constant L2_CROSS_DOMAIN_MESSENGER =
                    0x4200000000000000000000000000000000000007;
                /**
                 * @notice Address of the L2StandardBridge predeploy.
                 */
                address internal constant L2_STANDARD_BRIDGE = 0x4200000000000000000000000000000000000010;
                /**
                 * @notice Address of the L2ERC721Bridge predeploy.
                 */
                address internal constant L2_ERC721_BRIDGE = 0x4200000000000000000000000000000000000014;
                /**
                 * @notice Address of the SequencerFeeWallet predeploy.
                 */
                address internal constant SEQUENCER_FEE_WALLET = 0x4200000000000000000000000000000000000011;
                /**
                 * @notice Address of the OptimismMintableERC20Factory predeploy.
                 */
                address internal constant OPTIMISM_MINTABLE_ERC20_FACTORY =
                    0x4200000000000000000000000000000000000012;
                /**
                 * @notice Address of the OptimismMintableERC721Factory predeploy.
                 */
                address internal constant OPTIMISM_MINTABLE_ERC721_FACTORY =
                    0x4200000000000000000000000000000000000017;
                /**
                 * @notice Address of the L1Block predeploy.
                 */
                address internal constant L1_BLOCK_ATTRIBUTES = 0x4200000000000000000000000000000000000015;
                /**
                 * @notice Address of the GasPriceOracle predeploy. Includes fee information
                 *         and helpers for computing the L1 portion of the transaction fee.
                 */
                address internal constant GAS_PRICE_ORACLE = 0x420000000000000000000000000000000000000F;
                /**
                 * @custom:legacy
                 * @notice Address of the L1MessageSender predeploy. Deprecated. Use L2CrossDomainMessenger
                 *         or access tx.origin (or msg.sender) in a L1 to L2 transaction instead.
                 */
                address internal constant L1_MESSAGE_SENDER = 0x4200000000000000000000000000000000000001;
                /**
                 * @custom:legacy
                 * @notice Address of the DeployerWhitelist predeploy. No longer active.
                 */
                address internal constant DEPLOYER_WHITELIST = 0x4200000000000000000000000000000000000002;
                /**
                 * @custom:legacy
                 * @notice Address of the LegacyERC20ETH predeploy. Deprecated. Balances are migrated to the
                 *         state trie as of the Bedrock upgrade. Contract has been locked and write functions
                 *         can no longer be accessed.
                 */
                address internal constant LEGACY_ERC20_ETH = 0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000;
                /**
                 * @custom:legacy
                 * @notice Address of the L1BlockNumber predeploy. Deprecated. Use the L1Block predeploy
                 *         instead, which exposes more information about the L1 state.
                 */
                address internal constant L1_BLOCK_NUMBER = 0x4200000000000000000000000000000000000013;
                /**
                 * @custom:legacy
                 * @notice Address of the LegacyMessagePasser predeploy. Deprecate. Use the updated
                 *         L2ToL1MessagePasser contract instead.
                 */
                address internal constant LEGACY_MESSAGE_PASSER = 0x4200000000000000000000000000000000000000;
                /**
                 * @notice Address of the ProxyAdmin predeploy.
                 */
                address internal constant PROXY_ADMIN = 0x4200000000000000000000000000000000000018;
                /**
                 * @notice Address of the BaseFeeVault predeploy.
                 */
                address internal constant BASE_FEE_VAULT = 0x4200000000000000000000000000000000000019;
                /**
                 * @notice Address of the L1FeeVault predeploy.
                 */
                address internal constant L1_FEE_VAULT = 0x420000000000000000000000000000000000001A;
                /**
                 * @notice Address of the GovernanceToken predeploy.
                 */
                address internal constant GOVERNANCE_TOKEN = 0x4200000000000000000000000000000000000042;
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title SafeCall
             * @notice Perform low level safe calls
             */
            library SafeCall {
                /**
                 * @notice Performs a low level call without copying any returndata.
                 * @dev Passes no calldata to the call context.
                 *
                 * @param _target   Address to call
                 * @param _gas      Amount of gas to pass to the call
                 * @param _value    Amount of value to pass to the call
                 */
                function send(
                    address _target,
                    uint256 _gas,
                    uint256 _value
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        _success := call(
                            _gas, // gas
                            _target, // recipient
                            _value, // ether value
                            0, // inloc
                            0, // inlen
                            0, // outloc
                            0 // outlen
                        )
                    }
                    return _success;
                }
                /**
                 * @notice Perform a low level call without copying any returndata
                 *
                 * @param _target   Address to call
                 * @param _gas      Amount of gas to pass to the call
                 * @param _value    Amount of value to pass to the call
                 * @param _calldata Calldata to pass to the call
                 */
                function call(
                    address _target,
                    uint256 _gas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        _success := call(
                            _gas, // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0, // outloc
                            0 // outlen
                        )
                    }
                    return _success;
                }
                /**
                 * @notice Helper function to determine if there is sufficient gas remaining within the context
                 *         to guarantee that the minimum gas requirement for a call will be met as well as
                 *         optionally reserving a specified amount of gas for after the call has concluded.
                 * @param _minGas      The minimum amount of gas that may be passed to the target context.
                 * @param _reservedGas Optional amount of gas to reserve for the caller after the execution
                 *                     of the target context.
                 * @return `true` if there is enough gas remaining to safely supply `_minGas` to the target
                 *         context as well as reserve `_reservedGas` for the caller after the execution of
                 *         the target context.
                 * @dev !!!!! FOOTGUN ALERT !!!!!
                 *      1.) The 40_000 base buffer is to account for the worst case of the dynamic cost of the
                 *          `CALL` opcode's `address_access_cost`, `positive_value_cost`, and
                 *          `value_to_empty_account_cost` factors with an added buffer of 5,700 gas. It is
                 *          still possible to self-rekt by initiating a withdrawal with a minimum gas limit
                 *          that does not account for the `memory_expansion_cost` & `code_execution_cost`
                 *          factors of the dynamic cost of the `CALL` opcode.
                 *      2.) This function should *directly* precede the external call if possible. There is an
                 *          added buffer to account for gas consumed between this check and the call, but it
                 *          is only 5,700 gas.
                 *      3.) Because EIP-150 ensures that a maximum of 63/64ths of the remaining gas in the call
                 *          frame may be passed to a subcontext, we need to ensure that the gas will not be
                 *          truncated.
                 *      4.) Use wisely. This function is not a silver bullet.
                 */
                function hasMinGas(uint256 _minGas, uint256 _reservedGas) internal view returns (bool) {
                    bool _hasMinGas;
                    assembly {
                        // Equation: gas × 63 ≥ minGas × 64 + 63(40_000 + reservedGas)
                        _hasMinGas := iszero(
                            lt(mul(gas(), 63), add(mul(_minGas, 64), mul(add(40000, _reservedGas), 63)))
                        )
                    }
                    return _hasMinGas;
                }
                /**
                 * @notice Perform a low level call without copying any returndata. This function
                 *         will revert if the call cannot be performed with the specified minimum
                 *         gas.
                 *
                 * @param _target   Address to call
                 * @param _minGas   The minimum amount of gas that may be passed to the call
                 * @param _value    Amount of value to pass to the call
                 * @param _calldata Calldata to pass to the call
                 */
                function callWithMinGas(
                    address _target,
                    uint256 _minGas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    bool _hasMinGas = hasMinGas(_minGas, 0);
                    assembly {
                        // Assertion: gasleft() >= (_minGas * 64) / 63 + 40_000
                        if iszero(_hasMinGas) {
                            // Store the "Error(string)" selector in scratch space.
                            mstore(0, 0x08c379a0)
                            // Store the pointer to the string length in scratch space.
                            mstore(32, 32)
                            // Store the string.
                            //
                            // SAFETY:
                            // - We pad the beginning of the string with two zero bytes as well as the
                            // length (24) to ensure that we override the free memory pointer at offset
                            // 0x40. This is necessary because the free memory pointer is likely to
                            // be greater than 1 byte when this function is called, but it is incredibly
                            // unlikely that it will be greater than 3 bytes. As for the data within
                            // 0x60, it is ensured that it is 0 due to 0x60 being the zero offset.
                            // - It's fine to clobber the free memory pointer, we're reverting.
                            mstore(88, 0x0000185361666543616c6c3a204e6f7420656e6f75676820676173)
                            // Revert with 'Error("SafeCall: Not enough gas")'
                            revert(28, 100)
                        }
                        // The call will be supplied at least ((_minGas * 64) / 63) gas due to the
                        // above assertion. This ensures that, in all circumstances (except for when the
                        // `_minGas` does not account for the `memory_expansion_cost` and `code_execution_cost`
                        // factors of the dynamic cost of the `CALL` opcode), the call will receive at least
                        // the minimum amount of gas specified.
                        _success := call(
                            gas(), // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0x00, // outloc
                            0x00 // outlen
                        )
                    }
                    return _success;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @title Types
             * @notice Contains various types used throughout the Optimism contract system.
             */
            library Types {
                /**
                 * @notice OutputProposal represents a commitment to the L2 state. The timestamp is the L1
                 *         timestamp that the output root is posted. This timestamp is used to verify that the
                 *         finalization period has passed since the output root was submitted.
                 *
                 * @custom:field outputRoot    Hash of the L2 output.
                 * @custom:field timestamp     Timestamp of the L1 block that the output root was submitted in.
                 * @custom:field l2BlockNumber L2 block number that the output corresponds to.
                 */
                struct OutputProposal {
                    bytes32 outputRoot;
                    uint128 timestamp;
                    uint128 l2BlockNumber;
                }
                /**
                 * @notice Struct representing the elements that are hashed together to generate an output root
                 *         which itself represents a snapshot of the L2 state.
                 *
                 * @custom:field version                  Version of the output root.
                 * @custom:field stateRoot                Root of the state trie at the block of this output.
                 * @custom:field messagePasserStorageRoot Root of the message passer storage trie.
                 * @custom:field latestBlockhash          Hash of the block this output was generated from.
                 */
                struct OutputRootProof {
                    bytes32 version;
                    bytes32 stateRoot;
                    bytes32 messagePasserStorageRoot;
                    bytes32 latestBlockhash;
                }
                /**
                 * @notice Struct representing a deposit transaction (L1 => L2 transaction) created by an end
                 *         user (as opposed to a system deposit transaction generated by the system).
                 *
                 * @custom:field from        Address of the sender of the transaction.
                 * @custom:field to          Address of the recipient of the transaction.
                 * @custom:field isCreation  True if the transaction is a contract creation.
                 * @custom:field value       Value to send to the recipient.
                 * @custom:field mint        Amount of ETH to mint.
                 * @custom:field gasLimit    Gas limit of the transaction.
                 * @custom:field data        Data of the transaction.
                 * @custom:field l1BlockHash Hash of the block the transaction was submitted in.
                 * @custom:field logIndex    Index of the log in the block the transaction was submitted in.
                 */
                struct UserDepositTransaction {
                    address from;
                    address to;
                    bool isCreation;
                    uint256 value;
                    uint256 mint;
                    uint64 gasLimit;
                    bytes data;
                    bytes32 l1BlockHash;
                    uint256 logIndex;
                }
                /**
                 * @notice Struct representing a withdrawal transaction.
                 *
                 * @custom:field nonce    Nonce of the withdrawal transaction
                 * @custom:field sender   Address of the sender of the transaction.
                 * @custom:field target   Address of the recipient of the transaction.
                 * @custom:field value    Value to send to the recipient.
                 * @custom:field gasLimit Gas limit of the transaction.
                 * @custom:field data     Data of the transaction.
                 */
                struct WithdrawalTransaction {
                    uint256 nonce;
                    address sender;
                    address target;
                    uint256 value;
                    uint256 gasLimit;
                    bytes data;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.8;
            /**
             * @custom:attribution https://github.com/hamdiallam/Solidity-RLP
             * @title RLPReader
             * @notice RLPReader is a library for parsing RLP-encoded byte arrays into Solidity types. Adapted
             *         from Solidity-RLP (https://github.com/hamdiallam/Solidity-RLP) by Hamdi Allam with
             *         various tweaks to improve readability.
             */
            library RLPReader {
                /**
                 * Custom pointer type to avoid confusion between pointers and uint256s.
                 */
                type MemoryPointer is uint256;
                /**
                 * @notice RLP item types.
                 *
                 * @custom:value DATA_ITEM Represents an RLP data item (NOT a list).
                 * @custom:value LIST_ITEM Represents an RLP list item.
                 */
                enum RLPItemType {
                    DATA_ITEM,
                    LIST_ITEM
                }
                /**
                 * @notice Struct representing an RLP item.
                 *
                 * @custom:field length Length of the RLP item.
                 * @custom:field ptr    Pointer to the RLP item in memory.
                 */
                struct RLPItem {
                    uint256 length;
                    MemoryPointer ptr;
                }
                /**
                 * @notice Max list length that this library will accept.
                 */
                uint256 internal constant MAX_LIST_LENGTH = 32;
                /**
                 * @notice Converts bytes to a reference to memory position and length.
                 *
                 * @param _in Input bytes to convert.
                 *
                 * @return Output memory reference.
                 */
                function toRLPItem(bytes memory _in) internal pure returns (RLPItem memory) {
                    // Empty arrays are not RLP items.
                    require(
                        _in.length > 0,
                        "RLPReader: length of an RLP item must be greater than zero to be decodable"
                    );
                    MemoryPointer ptr;
                    assembly {
                        ptr := add(_in, 32)
                    }
                    return RLPItem({ length: _in.length, ptr: ptr });
                }
                /**
                 * @notice Reads an RLP list value into a list of RLP items.
                 *
                 * @param _in RLP list value.
                 *
                 * @return Decoded RLP list items.
                 */
                function readList(RLPItem memory _in) internal pure returns (RLPItem[] memory) {
                    (uint256 listOffset, uint256 listLength, RLPItemType itemType) = _decodeLength(_in);
                    require(
                        itemType == RLPItemType.LIST_ITEM,
                        "RLPReader: decoded item type for list is not a list item"
                    );
                    require(
                        listOffset + listLength == _in.length,
                        "RLPReader: list item has an invalid data remainder"
                    );
                    // Solidity in-memory arrays can't be increased in size, but *can* be decreased in size by
                    // writing to the length. Since we can't know the number of RLP items without looping over
                    // the entire input, we'd have to loop twice to accurately size this array. It's easier to
                    // simply set a reasonable maximum list length and decrease the size before we finish.
                    RLPItem[] memory out = new RLPItem[](MAX_LIST_LENGTH);
                    uint256 itemCount = 0;
                    uint256 offset = listOffset;
                    while (offset < _in.length) {
                        (uint256 itemOffset, uint256 itemLength, ) = _decodeLength(
                            RLPItem({
                                length: _in.length - offset,
                                ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset)
                            })
                        );
                        // We don't need to check itemCount < out.length explicitly because Solidity already
                        // handles this check on our behalf, we'd just be wasting gas.
                        out[itemCount] = RLPItem({
                            length: itemLength + itemOffset,
                            ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset)
                        });
                        itemCount += 1;
                        offset += itemOffset + itemLength;
                    }
                    // Decrease the array size to match the actual item count.
                    assembly {
                        mstore(out, itemCount)
                    }
                    return out;
                }
                /**
                 * @notice Reads an RLP list value into a list of RLP items.
                 *
                 * @param _in RLP list value.
                 *
                 * @return Decoded RLP list items.
                 */
                function readList(bytes memory _in) internal pure returns (RLPItem[] memory) {
                    return readList(toRLPItem(_in));
                }
                /**
                 * @notice Reads an RLP bytes value into bytes.
                 *
                 * @param _in RLP bytes value.
                 *
                 * @return Decoded bytes.
                 */
                function readBytes(RLPItem memory _in) internal pure returns (bytes memory) {
                    (uint256 itemOffset, uint256 itemLength, RLPItemType itemType) = _decodeLength(_in);
                    require(
                        itemType == RLPItemType.DATA_ITEM,
                        "RLPReader: decoded item type for bytes is not a data item"
                    );
                    require(
                        _in.length == itemOffset + itemLength,
                        "RLPReader: bytes value contains an invalid remainder"
                    );
                    return _copy(_in.ptr, itemOffset, itemLength);
                }
                /**
                 * @notice Reads an RLP bytes value into bytes.
                 *
                 * @param _in RLP bytes value.
                 *
                 * @return Decoded bytes.
                 */
                function readBytes(bytes memory _in) internal pure returns (bytes memory) {
                    return readBytes(toRLPItem(_in));
                }
                /**
                 * @notice Reads the raw bytes of an RLP item.
                 *
                 * @param _in RLP item to read.
                 *
                 * @return Raw RLP bytes.
                 */
                function readRawBytes(RLPItem memory _in) internal pure returns (bytes memory) {
                    return _copy(_in.ptr, 0, _in.length);
                }
                /**
                 * @notice Decodes the length of an RLP item.
                 *
                 * @param _in RLP item to decode.
                 *
                 * @return Offset of the encoded data.
                 * @return Length of the encoded data.
                 * @return RLP item type (LIST_ITEM or DATA_ITEM).
                 */
                function _decodeLength(RLPItem memory _in)
                    private
                    pure
                    returns (
                        uint256,
                        uint256,
                        RLPItemType
                    )
                {
                    // Short-circuit if there's nothing to decode, note that we perform this check when
                    // the user creates an RLP item via toRLPItem, but it's always possible for them to bypass
                    // that function and create an RLP item directly. So we need to check this anyway.
                    require(
                        _in.length > 0,
                        "RLPReader: length of an RLP item must be greater than zero to be decodable"
                    );
                    MemoryPointer ptr = _in.ptr;
                    uint256 prefix;
                    assembly {
                        prefix := byte(0, mload(ptr))
                    }
                    if (prefix <= 0x7f) {
                        // Single byte.
                        return (0, 1, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xb7) {
                        // Short string.
                        // slither-disable-next-line variable-scope
                        uint256 strLen = prefix - 0x80;
                        require(
                            _in.length > strLen,
                            "RLPReader: length of content must be greater than string length (short string)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            strLen != 1 || firstByteOfContent >= 0x80,
                            "RLPReader: invalid prefix, single byte < 0x80 are not prefixed (short string)"
                        );
                        return (1, strLen, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xbf) {
                        // Long string.
                        uint256 lenOfStrLen = prefix - 0xb7;
                        require(
                            _in.length > lenOfStrLen,
                            "RLPReader: length of content must be > than length of string length (long string)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            firstByteOfContent != 0x00,
                            "RLPReader: length of content must not have any leading zeros (long string)"
                        );
                        uint256 strLen;
                        assembly {
                            strLen := shr(sub(256, mul(8, lenOfStrLen)), mload(add(ptr, 1)))
                        }
                        require(
                            strLen > 55,
                            "RLPReader: length of content must be greater than 55 bytes (long string)"
                        );
                        require(
                            _in.length > lenOfStrLen + strLen,
                            "RLPReader: length of content must be greater than total length (long string)"
                        );
                        return (1 + lenOfStrLen, strLen, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xf7) {
                        // Short list.
                        // slither-disable-next-line variable-scope
                        uint256 listLen = prefix - 0xc0;
                        require(
                            _in.length > listLen,
                            "RLPReader: length of content must be greater than list length (short list)"
                        );
                        return (1, listLen, RLPItemType.LIST_ITEM);
                    } else {
                        // Long list.
                        uint256 lenOfListLen = prefix - 0xf7;
                        require(
                            _in.length > lenOfListLen,
                            "RLPReader: length of content must be > than length of list length (long list)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            firstByteOfContent != 0x00,
                            "RLPReader: length of content must not have any leading zeros (long list)"
                        );
                        uint256 listLen;
                        assembly {
                            listLen := shr(sub(256, mul(8, lenOfListLen)), mload(add(ptr, 1)))
                        }
                        require(
                            listLen > 55,
                            "RLPReader: length of content must be greater than 55 bytes (long list)"
                        );
                        require(
                            _in.length > lenOfListLen + listLen,
                            "RLPReader: length of content must be greater than total length (long list)"
                        );
                        return (1 + lenOfListLen, listLen, RLPItemType.LIST_ITEM);
                    }
                }
                /**
                 * @notice Copies the bytes from a memory location.
                 *
                 * @param _src    Pointer to the location to read from.
                 * @param _offset Offset to start reading from.
                 * @param _length Number of bytes to read.
                 *
                 * @return Copied bytes.
                 */
                function _copy(
                    MemoryPointer _src,
                    uint256 _offset,
                    uint256 _length
                ) private pure returns (bytes memory) {
                    bytes memory out = new bytes(_length);
                    if (_length == 0) {
                        return out;
                    }
                    // Mostly based on Solidity's copy_memory_to_memory:
                    // solhint-disable max-line-length
                    // https://github.com/ethereum/solidity/blob/34dd30d71b4da730488be72ff6af7083cf2a91f6/libsolidity/codegen/YulUtilFunctions.cpp#L102-L114
                    uint256 src = MemoryPointer.unwrap(_src) + _offset;
                    assembly {
                        let dest := add(out, 32)
                        let i := 0
                        for {
                        } lt(i, _length) {
                            i := add(i, 32)
                        } {
                            mstore(add(dest, i), mload(add(src, i)))
                        }
                        if gt(i, _length) {
                            mstore(add(dest, _length), 0)
                        }
                    }
                    return out;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @custom:attribution https://github.com/bakaoh/solidity-rlp-encode
             * @title RLPWriter
             * @author RLPWriter is a library for encoding Solidity types to RLP bytes. Adapted from Bakaoh's
             *         RLPEncode library (https://github.com/bakaoh/solidity-rlp-encode) with minor
             *         modifications to improve legibility.
             */
            library RLPWriter {
                /**
                 * @notice RLP encodes a byte string.
                 *
                 * @param _in The byte string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeBytes(bytes memory _in) internal pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_in.length == 1 && uint8(_in[0]) < 128) {
                        encoded = _in;
                    } else {
                        encoded = abi.encodePacked(_writeLength(_in.length, 128), _in);
                    }
                    return encoded;
                }
                /**
                 * @notice RLP encodes a list of RLP encoded byte byte strings.
                 *
                 * @param _in The list of RLP encoded byte strings.
                 *
                 * @return The RLP encoded list of items in bytes.
                 */
                function writeList(bytes[] memory _in) internal pure returns (bytes memory) {
                    bytes memory list = _flatten(_in);
                    return abi.encodePacked(_writeLength(list.length, 192), list);
                }
                /**
                 * @notice RLP encodes a string.
                 *
                 * @param _in The string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeString(string memory _in) internal pure returns (bytes memory) {
                    return writeBytes(bytes(_in));
                }
                /**
                 * @notice RLP encodes an address.
                 *
                 * @param _in The address to encode.
                 *
                 * @return The RLP encoded address in bytes.
                 */
                function writeAddress(address _in) internal pure returns (bytes memory) {
                    return writeBytes(abi.encodePacked(_in));
                }
                /**
                 * @notice RLP encodes a uint.
                 *
                 * @param _in The uint256 to encode.
                 *
                 * @return The RLP encoded uint256 in bytes.
                 */
                function writeUint(uint256 _in) internal pure returns (bytes memory) {
                    return writeBytes(_toBinary(_in));
                }
                /**
                 * @notice RLP encodes a bool.
                 *
                 * @param _in The bool to encode.
                 *
                 * @return The RLP encoded bool in bytes.
                 */
                function writeBool(bool _in) internal pure returns (bytes memory) {
                    bytes memory encoded = new bytes(1);
                    encoded[0] = (_in ? bytes1(0x01) : bytes1(0x80));
                    return encoded;
                }
                /**
                 * @notice Encode the first byte and then the `len` in binary form if `length` is more than 55.
                 *
                 * @param _len    The length of the string or the payload.
                 * @param _offset 128 if item is string, 192 if item is list.
                 *
                 * @return RLP encoded bytes.
                 */
                function _writeLength(uint256 _len, uint256 _offset) private pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_len < 56) {
                        encoded = new bytes(1);
                        encoded[0] = bytes1(uint8(_len) + uint8(_offset));
                    } else {
                        uint256 lenLen;
                        uint256 i = 1;
                        while (_len / i != 0) {
                            lenLen++;
                            i *= 256;
                        }
                        encoded = new bytes(lenLen + 1);
                        encoded[0] = bytes1(uint8(lenLen) + uint8(_offset) + 55);
                        for (i = 1; i <= lenLen; i++) {
                            encoded[i] = bytes1(uint8((_len / (256**(lenLen - i))) % 256));
                        }
                    }
                    return encoded;
                }
                /**
                 * @notice Encode integer in big endian binary form with no leading zeroes.
                 *
                 * @param _x The integer to encode.
                 *
                 * @return RLP encoded bytes.
                 */
                function _toBinary(uint256 _x) private pure returns (bytes memory) {
                    bytes memory b = abi.encodePacked(_x);
                    uint256 i = 0;
                    for (; i < 32; i++) {
                        if (b[i] != 0) {
                            break;
                        }
                    }
                    bytes memory res = new bytes(32 - i);
                    for (uint256 j = 0; j < res.length; j++) {
                        res[j] = b[i++];
                    }
                    return res;
                }
                /**
                 * @custom:attribution https://github.com/Arachnid/solidity-stringutils
                 * @notice Copies a piece of memory to another location.
                 *
                 * @param _dest Destination location.
                 * @param _src  Source location.
                 * @param _len  Length of memory to copy.
                 */
                function _memcpy(
                    uint256 _dest,
                    uint256 _src,
                    uint256 _len
                ) private pure {
                    uint256 dest = _dest;
                    uint256 src = _src;
                    uint256 len = _len;
                    for (; len >= 32; len -= 32) {
                        assembly {
                            mstore(dest, mload(src))
                        }
                        dest += 32;
                        src += 32;
                    }
                    uint256 mask;
                    unchecked {
                        mask = 256**(32 - len) - 1;
                    }
                    assembly {
                        let srcpart := and(mload(src), not(mask))
                        let destpart := and(mload(dest), mask)
                        mstore(dest, or(destpart, srcpart))
                    }
                }
                /**
                 * @custom:attribution https://github.com/sammayo/solidity-rlp-encoder
                 * @notice Flattens a list of byte strings into one byte string.
                 *
                 * @param _list List of byte strings to flatten.
                 *
                 * @return The flattened byte string.
                 */
                function _flatten(bytes[] memory _list) private pure returns (bytes memory) {
                    if (_list.length == 0) {
                        return new bytes(0);
                    }
                    uint256 len;
                    uint256 i = 0;
                    for (; i < _list.length; i++) {
                        len += _list[i].length;
                    }
                    bytes memory flattened = new bytes(len);
                    uint256 flattenedPtr;
                    assembly {
                        flattenedPtr := add(flattened, 0x20)
                    }
                    for (i = 0; i < _list.length; i++) {
                        bytes memory item = _list[i];
                        uint256 listPtr;
                        assembly {
                            listPtr := add(item, 0x20)
                        }
                        _memcpy(flattenedPtr, listPtr, item.length);
                        flattenedPtr += _list[i].length;
                    }
                    return flattened;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Bytes } from "../Bytes.sol";
            import { RLPReader } from "../rlp/RLPReader.sol";
            /**
             * @title MerkleTrie
             * @notice MerkleTrie is a small library for verifying standard Ethereum Merkle-Patricia trie
             *         inclusion proofs. By default, this library assumes a hexary trie. One can change the
             *         trie radix constant to support other trie radixes.
             */
            library MerkleTrie {
                /**
                 * @notice Struct representing a node in the trie.
                 *
                 * @custom:field encoded The RLP-encoded node.
                 * @custom:field decoded The RLP-decoded node.
                 */
                struct TrieNode {
                    bytes encoded;
                    RLPReader.RLPItem[] decoded;
                }
                /**
                 * @notice Determines the number of elements per branch node.
                 */
                uint256 internal constant TREE_RADIX = 16;
                /**
                 * @notice Branch nodes have TREE_RADIX elements and one value element.
                 */
                uint256 internal constant BRANCH_NODE_LENGTH = TREE_RADIX + 1;
                /**
                 * @notice Leaf nodes and extension nodes have two elements, a `path` and a `value`.
                 */
                uint256 internal constant LEAF_OR_EXTENSION_NODE_LENGTH = 2;
                /**
                 * @notice Prefix for even-nibbled extension node paths.
                 */
                uint8 internal constant PREFIX_EXTENSION_EVEN = 0;
                /**
                 * @notice Prefix for odd-nibbled extension node paths.
                 */
                uint8 internal constant PREFIX_EXTENSION_ODD = 1;
                /**
                 * @notice Prefix for even-nibbled leaf node paths.
                 */
                uint8 internal constant PREFIX_LEAF_EVEN = 2;
                /**
                 * @notice Prefix for odd-nibbled leaf node paths.
                 */
                uint8 internal constant PREFIX_LEAF_ODD = 3;
                /**
                 * @notice Verifies a proof that a given key/value pair is present in the trie.
                 *
                 * @param _key   Key of the node to search for, as a hex string.
                 * @param _value Value of the node to search for, as a hex string.
                 * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle
                 *               trees, this proof is executed top-down and consists of a list of RLP-encoded
                 *               nodes that make a path down to the target node.
                 * @param _root  Known root of the Merkle trie. Used to verify that the included proof is
                 *               correctly constructed.
                 *
                 * @return Whether or not the proof is valid.
                 */
                function verifyInclusionProof(
                    bytes memory _key,
                    bytes memory _value,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bool) {
                    return Bytes.equal(_value, get(_key, _proof, _root));
                }
                /**
                 * @notice Retrieves the value associated with a given key.
                 *
                 * @param _key   Key to search for, as hex bytes.
                 * @param _proof Merkle trie inclusion proof for the key.
                 * @param _root  Known root of the Merkle trie.
                 *
                 * @return Value of the key if it exists.
                 */
                function get(
                    bytes memory _key,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bytes memory) {
                    require(_key.length > 0, "MerkleTrie: empty key");
                    TrieNode[] memory proof = _parseProof(_proof);
                    bytes memory key = Bytes.toNibbles(_key);
                    bytes memory currentNodeID = abi.encodePacked(_root);
                    uint256 currentKeyIndex = 0;
                    // Proof is top-down, so we start at the first element (root).
                    for (uint256 i = 0; i < proof.length; i++) {
                        TrieNode memory currentNode = proof[i];
                        // Key index should never exceed total key length or we'll be out of bounds.
                        require(
                            currentKeyIndex <= key.length,
                            "MerkleTrie: key index exceeds total key length"
                        );
                        if (currentKeyIndex == 0) {
                            // First proof element is always the root node.
                            require(
                                Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID),
                                "MerkleTrie: invalid root hash"
                            );
                        } else if (currentNode.encoded.length >= 32) {
                            // Nodes 32 bytes or larger are hashed inside branch nodes.
                            require(
                                Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID),
                                "MerkleTrie: invalid large internal hash"
                            );
                        } else {
                            // Nodes smaller than 32 bytes aren't hashed.
                            require(
                                Bytes.equal(currentNode.encoded, currentNodeID),
                                "MerkleTrie: invalid internal node hash"
                            );
                        }
                        if (currentNode.decoded.length == BRANCH_NODE_LENGTH) {
                            if (currentKeyIndex == key.length) {
                                // Value is the last element of the decoded list (for branch nodes). There's
                                // some ambiguity in the Merkle trie specification because bytes(0) is a
                                // valid value to place into the trie, but for branch nodes bytes(0) can exist
                                // even when the value wasn't explicitly placed there. Geth treats a value of
                                // bytes(0) as "key does not exist" and so we do the same.
                                bytes memory value = RLPReader.readBytes(currentNode.decoded[TREE_RADIX]);
                                require(
                                    value.length > 0,
                                    "MerkleTrie: value length must be greater than zero (branch)"
                                );
                                // Extra proof elements are not allowed.
                                require(
                                    i == proof.length - 1,
                                    "MerkleTrie: value node must be last node in proof (branch)"
                                );
                                return value;
                            } else {
                                // We're not at the end of the key yet.
                                // Figure out what the next node ID should be and continue.
                                uint8 branchKey = uint8(key[currentKeyIndex]);
                                RLPReader.RLPItem memory nextNode = currentNode.decoded[branchKey];
                                currentNodeID = _getNodeID(nextNode);
                                currentKeyIndex += 1;
                            }
                        } else if (currentNode.decoded.length == LEAF_OR_EXTENSION_NODE_LENGTH) {
                            bytes memory path = _getNodePath(currentNode);
                            uint8 prefix = uint8(path[0]);
                            uint8 offset = 2 - (prefix % 2);
                            bytes memory pathRemainder = Bytes.slice(path, offset);
                            bytes memory keyRemainder = Bytes.slice(key, currentKeyIndex);
                            uint256 sharedNibbleLength = _getSharedNibbleLength(pathRemainder, keyRemainder);
                            // Whether this is a leaf node or an extension node, the path remainder MUST be a
                            // prefix of the key remainder (or be equal to the key remainder) or the proof is
                            // considered invalid.
                            require(
                                pathRemainder.length == sharedNibbleLength,
                                "MerkleTrie: path remainder must share all nibbles with key"
                            );
                            if (prefix == PREFIX_LEAF_EVEN || prefix == PREFIX_LEAF_ODD) {
                                // Prefix of 2 or 3 means this is a leaf node. For the leaf node to be valid,
                                // the key remainder must be exactly equal to the path remainder. We already
                                // did the necessary byte comparison, so it's more efficient here to check that
                                // the key remainder length equals the shared nibble length, which implies
                                // equality with the path remainder (since we already did the same check with
                                // the path remainder and the shared nibble length).
                                require(
                                    keyRemainder.length == sharedNibbleLength,
                                    "MerkleTrie: key remainder must be identical to path remainder"
                                );
                                // Our Merkle Trie is designed specifically for the purposes of the Ethereum
                                // state trie. Empty values are not allowed in the state trie, so we can safely
                                // say that if the value is empty, the key should not exist and the proof is
                                // invalid.
                                bytes memory value = RLPReader.readBytes(currentNode.decoded[1]);
                                require(
                                    value.length > 0,
                                    "MerkleTrie: value length must be greater than zero (leaf)"
                                );
                                // Extra proof elements are not allowed.
                                require(
                                    i == proof.length - 1,
                                    "MerkleTrie: value node must be last node in proof (leaf)"
                                );
                                return value;
                            } else if (prefix == PREFIX_EXTENSION_EVEN || prefix == PREFIX_EXTENSION_ODD) {
                                // Prefix of 0 or 1 means this is an extension node. We move onto the next node
                                // in the proof and increment the key index by the length of the path remainder
                                // which is equal to the shared nibble length.
                                currentNodeID = _getNodeID(currentNode.decoded[1]);
                                currentKeyIndex += sharedNibbleLength;
                            } else {
                                revert("MerkleTrie: received a node with an unknown prefix");
                            }
                        } else {
                            revert("MerkleTrie: received an unparseable node");
                        }
                    }
                    revert("MerkleTrie: ran out of proof elements");
                }
                /**
                 * @notice Parses an array of proof elements into a new array that contains both the original
                 *         encoded element and the RLP-decoded element.
                 *
                 * @param _proof Array of proof elements to parse.
                 *
                 * @return Proof parsed into easily accessible structs.
                 */
                function _parseProof(bytes[] memory _proof) private pure returns (TrieNode[] memory) {
                    uint256 length = _proof.length;
                    TrieNode[] memory proof = new TrieNode[](length);
                    for (uint256 i = 0; i < length; ) {
                        proof[i] = TrieNode({ encoded: _proof[i], decoded: RLPReader.readList(_proof[i]) });
                        unchecked {
                            ++i;
                        }
                    }
                    return proof;
                }
                /**
                 * @notice Picks out the ID for a node. Node ID is referred to as the "hash" within the
                 *         specification, but nodes < 32 bytes are not actually hashed.
                 *
                 * @param _node Node to pull an ID for.
                 *
                 * @return ID for the node, depending on the size of its contents.
                 */
                function _getNodeID(RLPReader.RLPItem memory _node) private pure returns (bytes memory) {
                    return _node.length < 32 ? RLPReader.readRawBytes(_node) : RLPReader.readBytes(_node);
                }
                /**
                 * @notice Gets the path for a leaf or extension node.
                 *
                 * @param _node Node to get a path for.
                 *
                 * @return Node path, converted to an array of nibbles.
                 */
                function _getNodePath(TrieNode memory _node) private pure returns (bytes memory) {
                    return Bytes.toNibbles(RLPReader.readBytes(_node.decoded[0]));
                }
                /**
                 * @notice Utility; determines the number of nibbles shared between two nibble arrays.
                 *
                 * @param _a First nibble array.
                 * @param _b Second nibble array.
                 *
                 * @return Number of shared nibbles.
                 */
                function _getSharedNibbleLength(bytes memory _a, bytes memory _b)
                    private
                    pure
                    returns (uint256)
                {
                    uint256 shared;
                    uint256 max = (_a.length < _b.length) ? _a.length : _b.length;
                    for (; shared < max && _a[shared] == _b[shared]; ) {
                        unchecked {
                            ++shared;
                        }
                    }
                    return shared;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /* Library Imports */
            import { MerkleTrie } from "./MerkleTrie.sol";
            /**
             * @title SecureMerkleTrie
             * @notice SecureMerkleTrie is a thin wrapper around the MerkleTrie library that hashes the input
             *         keys. Ethereum's state trie hashes input keys before storing them.
             */
            library SecureMerkleTrie {
                /**
                 * @notice Verifies a proof that a given key/value pair is present in the Merkle trie.
                 *
                 * @param _key   Key of the node to search for, as a hex string.
                 * @param _value Value of the node to search for, as a hex string.
                 * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle
                 *               trees, this proof is executed top-down and consists of a list of RLP-encoded
                 *               nodes that make a path down to the target node.
                 * @param _root  Known root of the Merkle trie. Used to verify that the included proof is
                 *               correctly constructed.
                 *
                 * @return Whether or not the proof is valid.
                 */
                function verifyInclusionProof(
                    bytes memory _key,
                    bytes memory _value,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bool) {
                    bytes memory key = _getSecureKey(_key);
                    return MerkleTrie.verifyInclusionProof(key, _value, _proof, _root);
                }
                /**
                 * @notice Retrieves the value associated with a given key.
                 *
                 * @param _key   Key to search for, as hex bytes.
                 * @param _proof Merkle trie inclusion proof for the key.
                 * @param _root  Known root of the Merkle trie.
                 *
                 * @return Value of the key if it exists.
                 */
                function get(
                    bytes memory _key,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bytes memory) {
                    bytes memory key = _getSecureKey(_key);
                    return MerkleTrie.get(key, _proof, _root);
                }
                /**
                 * @notice Computes the hashed version of the input key.
                 *
                 * @param _key Key to hash.
                 *
                 * @return Hashed version of the key.
                 */
                function _getSecureKey(bytes memory _key) private pure returns (bytes memory) {
                    return abi.encodePacked(keccak256(_key));
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
            import { SafeCall } from "../libraries/SafeCall.sol";
            import { Hashing } from "../libraries/Hashing.sol";
            import { Encoding } from "../libraries/Encoding.sol";
            import { Constants } from "../libraries/Constants.sol";
            /**
             * @custom:legacy
             * @title CrossDomainMessengerLegacySpacer0
             * @notice Contract only exists to add a spacer to the CrossDomainMessenger where the
             *         libAddressManager variable used to exist. Must be the first contract in the inheritance
             *         tree of the CrossDomainMessenger.
             */
            contract CrossDomainMessengerLegacySpacer0 {
                /**
                 * @custom:legacy
                 * @custom:spacer libAddressManager
                 * @notice Spacer for backwards compatibility.
                 */
                address private spacer_0_0_20;
            }
            /**
             * @custom:legacy
             * @title CrossDomainMessengerLegacySpacer1
             * @notice Contract only exists to add a spacer to the CrossDomainMessenger where the
             *         PausableUpgradable and OwnableUpgradeable variables used to exist. Must be
             *         the third contract in the inheritance tree of the CrossDomainMessenger.
             */
            contract CrossDomainMessengerLegacySpacer1 {
                /**
                 * @custom:legacy
                 * @custom:spacer ContextUpgradable's __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         ContextUpgradable.
                 *
                 */
                uint256[50] private spacer_1_0_1600;
                /**
                 * @custom:legacy
                 * @custom:spacer OwnableUpgradeable's _owner
                 * @notice Spacer for backwards compatibility.
                 *         Come from OpenZeppelin OwnableUpgradeable.
                 */
                address private spacer_51_0_20;
                /**
                 * @custom:legacy
                 * @custom:spacer OwnableUpgradeable's __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         OwnableUpgradeable.
                 */
                uint256[49] private spacer_52_0_1568;
                /**
                 * @custom:legacy
                 * @custom:spacer PausableUpgradable's _paused
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         PausableUpgradable.
                 */
                bool private spacer_101_0_1;
                /**
                 * @custom:legacy
                 * @custom:spacer PausableUpgradable's __gap
                 * @notice Spacer for backwards compatibility. Comes from OpenZeppelin
                 *         PausableUpgradable.
                 */
                uint256[49] private spacer_102_0_1568;
                /**
                 * @custom:legacy
                 * @custom:spacer ReentrancyGuardUpgradeable's `_status` field.
                 * @notice Spacer for backwards compatibility.
                 */
                uint256 private spacer_151_0_32;
                /**
                 * @custom:legacy
                 * @custom:spacer ReentrancyGuardUpgradeable's __gap
                 * @notice Spacer for backwards compatibility.
                 */
                uint256[49] private spacer_152_0_1568;
                /**
                 * @custom:legacy
                 * @custom:spacer blockedMessages
                 * @notice Spacer for backwards compatibility.
                 */
                mapping(bytes32 => bool) private spacer_201_0_32;
                /**
                 * @custom:legacy
                 * @custom:spacer relayedMessages
                 * @notice Spacer for backwards compatibility.
                 */
                mapping(bytes32 => bool) private spacer_202_0_32;
            }
            /**
             * @custom:upgradeable
             * @title CrossDomainMessenger
             * @notice CrossDomainMessenger is a base contract that provides the core logic for the L1 and L2
             *         cross-chain messenger contracts. It's designed to be a universal interface that only
             *         needs to be extended slightly to provide low-level message passing functionality on each
             *         chain it's deployed on. Currently only designed for message passing between two paired
             *         chains and does not support one-to-many interactions.
             *
             *         Any changes to this contract MUST result in a semver bump for contracts that inherit it.
             */
            abstract contract CrossDomainMessenger is
                CrossDomainMessengerLegacySpacer0,
                Initializable,
                CrossDomainMessengerLegacySpacer1
            {
                /**
                 * @notice Current message version identifier.
                 */
                uint16 public constant MESSAGE_VERSION = 1;
                /**
                 * @notice Constant overhead added to the base gas for a message.
                 */
                uint64 public constant RELAY_CONSTANT_OVERHEAD = 200_000;
                /**
                 * @notice Numerator for dynamic overhead added to the base gas for a message.
                 */
                uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR = 64;
                /**
                 * @notice Denominator for dynamic overhead added to the base gas for a message.
                 */
                uint64 public constant MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR = 63;
                /**
                 * @notice Extra gas added to base gas for each byte of calldata in a message.
                 */
                uint64 public constant MIN_GAS_CALLDATA_OVERHEAD = 16;
                /**
                 * @notice Gas reserved for performing the external call in `relayMessage`.
                 */
                uint64 public constant RELAY_CALL_OVERHEAD = 40_000;
                /**
                 * @notice Gas reserved for finalizing the execution of `relayMessage` after the safe call.
                 */
                uint64 public constant RELAY_RESERVED_GAS = 40_000;
                /**
                 * @notice Gas reserved for the execution between the `hasMinGas` check and the external
                 *         call in `relayMessage`.
                 */
                uint64 public constant RELAY_GAS_CHECK_BUFFER = 5_000;
                /**
                 * @notice Address of the paired CrossDomainMessenger contract on the other chain.
                 */
                address public immutable OTHER_MESSENGER;
                /**
                 * @notice Mapping of message hashes to boolean receipt values. Note that a message will only
                 *         be present in this mapping if it has successfully been relayed on this chain, and
                 *         can therefore not be relayed again.
                 */
                mapping(bytes32 => bool) public successfulMessages;
                /**
                 * @notice Address of the sender of the currently executing message on the other chain. If the
                 *         value of this variable is the default value (0x00000000...dead) then no message is
                 *         currently being executed. Use the xDomainMessageSender getter which will throw an
                 *         error if this is the case.
                 */
                address internal xDomainMsgSender;
                /**
                 * @notice Nonce for the next message to be sent, without the message version applied. Use the
                 *         messageNonce getter which will insert the message version into the nonce to give you
                 *         the actual nonce to be used for the message.
                 */
                uint240 internal msgNonce;
                /**
                 * @notice Mapping of message hashes to a boolean if and only if the message has failed to be
                 *         executed at least once. A message will not be present in this mapping if it
                 *         successfully executed on the first attempt.
                 */
                mapping(bytes32 => bool) public failedMessages;
                /**
                 * @notice Reserve extra slots in the storage layout for future upgrades.
                 *         A gap size of 41 was chosen here, so that the first slot used in a child contract
                 *         would be a multiple of 50.
                 */
                uint256[42] private __gap;
                /**
                 * @notice Emitted whenever a message is sent to the other chain.
                 *
                 * @param target       Address of the recipient of the message.
                 * @param sender       Address of the sender of the message.
                 * @param message      Message to trigger the recipient address with.
                 * @param messageNonce Unique nonce attached to the message.
                 * @param gasLimit     Minimum gas limit that the message can be executed with.
                 */
                event SentMessage(
                    address indexed target,
                    address sender,
                    bytes message,
                    uint256 messageNonce,
                    uint256 gasLimit
                );
                /**
                 * @notice Additional event data to emit, required as of Bedrock. Cannot be merged with the
                 *         SentMessage event without breaking the ABI of this contract, this is good enough.
                 *
                 * @param sender Address of the sender of the message.
                 * @param value  ETH value sent along with the message to the recipient.
                 */
                event SentMessageExtension1(address indexed sender, uint256 value);
                /**
                 * @notice Emitted whenever a message is successfully relayed on this chain.
                 *
                 * @param msgHash Hash of the message that was relayed.
                 */
                event RelayedMessage(bytes32 indexed msgHash);
                /**
                 * @notice Emitted whenever a message fails to be relayed on this chain.
                 *
                 * @param msgHash Hash of the message that failed to be relayed.
                 */
                event FailedRelayedMessage(bytes32 indexed msgHash);
                /**
                 * @param _otherMessenger Address of the messenger on the paired chain.
                 */
                constructor(address _otherMessenger) {
                    OTHER_MESSENGER = _otherMessenger;
                }
                /**
                 * @notice Sends a message to some target address on the other chain. Note that if the call
                 *         always reverts, then the message will be unrelayable, and any ETH sent will be
                 *         permanently locked. The same will occur if the target on the other chain is
                 *         considered unsafe (see the _isUnsafeTarget() function).
                 *
                 * @param _target      Target contract or wallet address.
                 * @param _message     Message to trigger the target address with.
                 * @param _minGasLimit Minimum gas limit that the message can be executed with.
                 */
                function sendMessage(
                    address _target,
                    bytes calldata _message,
                    uint32 _minGasLimit
                ) external payable {
                    // Triggers a message to the other messenger. Note that the amount of gas provided to the
                    // message is the amount of gas requested by the user PLUS the base gas value. We want to
                    // guarantee the property that the call to the target contract will always have at least
                    // the minimum gas limit specified by the user.
                    _sendMessage(
                        OTHER_MESSENGER,
                        baseGas(_message, _minGasLimit),
                        msg.value,
                        abi.encodeWithSelector(
                            this.relayMessage.selector,
                            messageNonce(),
                            msg.sender,
                            _target,
                            msg.value,
                            _minGasLimit,
                            _message
                        )
                    );
                    emit SentMessage(_target, msg.sender, _message, messageNonce(), _minGasLimit);
                    emit SentMessageExtension1(msg.sender, msg.value);
                    unchecked {
                        ++msgNonce;
                    }
                }
                /**
                 * @notice Relays a message that was sent by the other CrossDomainMessenger contract. Can only
                 *         be executed via cross-chain call from the other messenger OR if the message was
                 *         already received once and is currently being replayed.
                 *
                 * @param _nonce       Nonce of the message being relayed.
                 * @param _sender      Address of the user who sent the message.
                 * @param _target      Address that the message is targeted at.
                 * @param _value       ETH value to send with the message.
                 * @param _minGasLimit Minimum amount of gas that the message can be executed with.
                 * @param _message     Message to send to the target.
                 */
                function relayMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _minGasLimit,
                    bytes calldata _message
                ) external payable {
                    (, uint16 version) = Encoding.decodeVersionedNonce(_nonce);
                    require(
                        version < 2,
                        "CrossDomainMessenger: only version 0 or 1 messages are supported at this time"
                    );
                    // If the message is version 0, then it's a migrated legacy withdrawal. We therefore need
                    // to check that the legacy version of the message has not already been relayed.
                    if (version == 0) {
                        bytes32 oldHash = Hashing.hashCrossDomainMessageV0(_target, _sender, _message, _nonce);
                        require(
                            successfulMessages[oldHash] == false,
                            "CrossDomainMessenger: legacy withdrawal already relayed"
                        );
                    }
                    // We use the v1 message hash as the unique identifier for the message because it commits
                    // to the value and minimum gas limit of the message.
                    bytes32 versionedHash = Hashing.hashCrossDomainMessageV1(
                        _nonce,
                        _sender,
                        _target,
                        _value,
                        _minGasLimit,
                        _message
                    );
                    if (_isOtherMessenger()) {
                        // These properties should always hold when the message is first submitted (as
                        // opposed to being replayed).
                        assert(msg.value == _value);
                        assert(!failedMessages[versionedHash]);
                    } else {
                        require(
                            msg.value == 0,
                            "CrossDomainMessenger: value must be zero unless message is from a system address"
                        );
                        require(
                            failedMessages[versionedHash],
                            "CrossDomainMessenger: message cannot be replayed"
                        );
                    }
                    require(
                        _isUnsafeTarget(_target) == false,
                        "CrossDomainMessenger: cannot send message to blocked system address"
                    );
                    require(
                        successfulMessages[versionedHash] == false,
                        "CrossDomainMessenger: message has already been relayed"
                    );
                    // If there is not enough gas left to perform the external call and finish the execution,
                    // return early and assign the message to the failedMessages mapping.
                    // We are asserting that we have enough gas to:
                    // 1. Call the target contract (_minGasLimit + RELAY_CALL_OVERHEAD + RELAY_GAS_CHECK_BUFFER)
                    //   1.a. The RELAY_CALL_OVERHEAD is included in `hasMinGas`.
                    // 2. Finish the execution after the external call (RELAY_RESERVED_GAS).
                    //
                    // If `xDomainMsgSender` is not the default L2 sender, this function
                    // is being re-entered. This marks the message as failed to allow it to be replayed.
                    if (
                        !SafeCall.hasMinGas(_minGasLimit, RELAY_RESERVED_GAS + RELAY_GAS_CHECK_BUFFER) ||
                        xDomainMsgSender != Constants.DEFAULT_L2_SENDER
                    ) {
                        failedMessages[versionedHash] = true;
                        emit FailedRelayedMessage(versionedHash);
                        // Revert in this case if the transaction was triggered by the estimation address. This
                        // should only be possible during gas estimation or we have bigger problems. Reverting
                        // here will make the behavior of gas estimation change such that the gas limit
                        // computed will be the amount required to relay the message, even if that amount is
                        // greater than the minimum gas limit specified by the user.
                        if (tx.origin == Constants.ESTIMATION_ADDRESS) {
                            revert("CrossDomainMessenger: failed to relay message");
                        }
                        return;
                    }
                    xDomainMsgSender = _sender;
                    bool success = SafeCall.call(_target, gasleft() - RELAY_RESERVED_GAS, _value, _message);
                    xDomainMsgSender = Constants.DEFAULT_L2_SENDER;
                    if (success) {
                        successfulMessages[versionedHash] = true;
                        emit RelayedMessage(versionedHash);
                    } else {
                        failedMessages[versionedHash] = true;
                        emit FailedRelayedMessage(versionedHash);
                        // Revert in this case if the transaction was triggered by the estimation address. This
                        // should only be possible during gas estimation or we have bigger problems. Reverting
                        // here will make the behavior of gas estimation change such that the gas limit
                        // computed will be the amount required to relay the message, even if that amount is
                        // greater than the minimum gas limit specified by the user.
                        if (tx.origin == Constants.ESTIMATION_ADDRESS) {
                            revert("CrossDomainMessenger: failed to relay message");
                        }
                    }
                }
                /**
                 * @notice Retrieves the address of the contract or wallet that initiated the currently
                 *         executing message on the other chain. Will throw an error if there is no message
                 *         currently being executed. Allows the recipient of a call to see who triggered it.
                 *
                 * @return Address of the sender of the currently executing message on the other chain.
                 */
                function xDomainMessageSender() external view returns (address) {
                    require(
                        xDomainMsgSender != Constants.DEFAULT_L2_SENDER,
                        "CrossDomainMessenger: xDomainMessageSender is not set"
                    );
                    return xDomainMsgSender;
                }
                /**
                 * @notice Retrieves the next message nonce. Message version will be added to the upper two
                 *         bytes of the message nonce. Message version allows us to treat messages as having
                 *         different structures.
                 *
                 * @return Nonce of the next message to be sent, with added message version.
                 */
                function messageNonce() public view returns (uint256) {
                    return Encoding.encodeVersionedNonce(msgNonce, MESSAGE_VERSION);
                }
                /**
                 * @notice Computes the amount of gas required to guarantee that a given message will be
                 *         received on the other chain without running out of gas. Guaranteeing that a message
                 *         will not run out of gas is important because this ensures that a message can always
                 *         be replayed on the other chain if it fails to execute completely.
                 *
                 * @param _message     Message to compute the amount of required gas for.
                 * @param _minGasLimit Minimum desired gas limit when message goes to target.
                 *
                 * @return Amount of gas required to guarantee message receipt.
                 */
                function baseGas(bytes calldata _message, uint32 _minGasLimit) public pure returns (uint64) {
                    return
                        // Constant overhead
                        RELAY_CONSTANT_OVERHEAD +
                        // Calldata overhead
                        (uint64(_message.length) * MIN_GAS_CALLDATA_OVERHEAD) +
                        // Dynamic overhead (EIP-150)
                        ((_minGasLimit * MIN_GAS_DYNAMIC_OVERHEAD_NUMERATOR) /
                            MIN_GAS_DYNAMIC_OVERHEAD_DENOMINATOR) +
                        // Gas reserved for the worst-case cost of 3/5 of the `CALL` opcode's dynamic gas
                        // factors. (Conservative)
                        RELAY_CALL_OVERHEAD +
                        // Relay reserved gas (to ensure execution of `relayMessage` completes after the
                        // subcontext finishes executing) (Conservative)
                        RELAY_RESERVED_GAS +
                        // Gas reserved for the execution between the `hasMinGas` check and the `CALL`
                        // opcode. (Conservative)
                        RELAY_GAS_CHECK_BUFFER;
                }
                /**
                 * @notice Intializer.
                 */
                // solhint-disable-next-line func-name-mixedcase
                function __CrossDomainMessenger_init() internal onlyInitializing {
                    xDomainMsgSender = Constants.DEFAULT_L2_SENDER;
                }
                /**
                 * @notice Sends a low-level message to the other messenger. Needs to be implemented by child
                 *         contracts because the logic for this depends on the network where the messenger is
                 *         being deployed.
                 *
                 * @param _to       Recipient of the message on the other chain.
                 * @param _gasLimit Minimum gas limit the message can be executed with.
                 * @param _value    Amount of ETH to send with the message.
                 * @param _data     Message data.
                 */
                function _sendMessage(
                    address _to,
                    uint64 _gasLimit,
                    uint256 _value,
                    bytes memory _data
                ) internal virtual;
                /**
                 * @notice Checks whether the message is coming from the other messenger. Implemented by child
                 *         contracts because the logic for this depends on the network where the messenger is
                 *         being deployed.
                 *
                 * @return Whether the message is coming from the other messenger.
                 */
                function _isOtherMessenger() internal view virtual returns (bool);
                /**
                 * @notice Checks whether a given call target is a system address that could cause the
                 *         messenger to peform an unsafe action. This is NOT a mechanism for blocking user
                 *         addresses. This is ONLY used to prevent the execution of messages to specific
                 *         system addresses that could cause security issues, e.g., having the
                 *         CrossDomainMessenger send messages to itself.
                 *
                 * @param _target Address of the contract to check.
                 *
                 * @return Whether or not the address is an unsafe system address.
                 */
                function _isUnsafeTarget(address _target) internal view virtual returns (bool);
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
            /**
             * @title Semver
             * @notice Semver is a simple contract for managing contract versions.
             */
            contract Semver {
                /**
                 * @notice Contract version number (major).
                 */
                uint256 private immutable MAJOR_VERSION;
                /**
                 * @notice Contract version number (minor).
                 */
                uint256 private immutable MINOR_VERSION;
                /**
                 * @notice Contract version number (patch).
                 */
                uint256 private immutable PATCH_VERSION;
                /**
                 * @param _major Version number (major).
                 * @param _minor Version number (minor).
                 * @param _patch Version number (patch).
                 */
                constructor(
                    uint256 _major,
                    uint256 _minor,
                    uint256 _patch
                ) {
                    MAJOR_VERSION = _major;
                    MINOR_VERSION = _minor;
                    PATCH_VERSION = _patch;
                }
                /**
                 * @notice Returns the full semver contract version.
                 *
                 * @return Semver contract version as a string.
                 */
                function version() public view returns (string memory) {
                    return
                        string(
                            abi.encodePacked(
                                Strings.toString(MAJOR_VERSION),
                                ".",
                                Strings.toString(MINOR_VERSION),
                                ".",
                                Strings.toString(PATCH_VERSION)
                            )
                        );
                }
            }
            // SPDX-License-Identifier: Apache-2.0
            /*
             * Copyright 2019-2021, Offchain Labs, Inc.
             *
             * Licensed under the Apache License, Version 2.0 (the "License");
             * you may not use this file except in compliance with the License.
             * You may obtain a copy of the License at
             *
             *    http://www.apache.org/licenses/LICENSE-2.0
             *
             * Unless required by applicable law or agreed to in writing, software
             * distributed under the License is distributed on an "AS IS" BASIS,
             * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
             * See the License for the specific language governing permissions and
             * limitations under the License.
             */
            pragma solidity ^0.8.0;
            library AddressAliasHelper {
                uint160 constant offset = uint160(0x1111000000000000000000000000000000001111);
                /// @notice Utility function that converts the address in the L1 that submitted a tx to
                /// the inbox to the msg.sender viewed in the L2
                /// @param l1Address the address in the L1 that triggered the tx to L2
                /// @return l2Address L2 address as viewed in msg.sender
                function applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {
                    unchecked {
                        l2Address = address(uint160(l1Address) + offset);
                    }
                }
                /// @notice Utility function that converts the msg.sender viewed in the L2 to the
                /// address in the L1 that submitted a tx to the inbox
                /// @param l2Address L2 address as viewed in msg.sender
                /// @return l1Address the address in the L1 that triggered the tx to L2
                function undoL1ToL2Alias(address l2Address) internal pure returns (address l1Address) {
                    unchecked {
                        l1Address = address(uint160(l2Address) - offset);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/Address.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library Address {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionDelegateCall(target, data, "Address: low-level delegate call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(isContract(target), "Address: delegate call to non-contract");
                    (bool success, bytes memory returndata) = target.delegatecall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev String operations.
             */
            library Strings {
                bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";
                uint8 private constant _ADDRESS_LENGTH = 20;
                /**
                 * @dev Converts a `uint256` to its ASCII `string` decimal representation.
                 */
                function toString(uint256 value) internal pure returns (string memory) {
                    // Inspired by OraclizeAPI's implementation - MIT licence
                    // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
                    if (value == 0) {
                        return "0";
                    }
                    uint256 temp = value;
                    uint256 digits;
                    while (temp != 0) {
                        digits++;
                        temp /= 10;
                    }
                    bytes memory buffer = new bytes(digits);
                    while (value != 0) {
                        digits -= 1;
                        buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
                        value /= 10;
                    }
                    return string(buffer);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
                 */
                function toHexString(uint256 value) internal pure returns (string memory) {
                    if (value == 0) {
                        return "0x00";
                    }
                    uint256 temp = value;
                    uint256 length = 0;
                    while (temp != 0) {
                        length++;
                        temp >>= 8;
                    }
                    return toHexString(value, length);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
                 */
                function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
                    bytes memory buffer = new bytes(2 * length + 2);
                    buffer[0] = "0";
                    buffer[1] = "x";
                    for (uint256 i = 2 * length + 1; i > 1; --i) {
                        buffer[i] = _HEX_SYMBOLS[value & 0xf];
                        value >>= 4;
                    }
                    require(value == 0, "Strings: hex length insufficient");
                    return string(buffer);
                }
                /**
                 * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
                 */
                function toHexString(address addr) internal pure returns (string memory) {
                    return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/math/Math.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard math utilities missing in the Solidity language.
             */
            library Math {
                enum Rounding {
                    Down, // Toward negative infinity
                    Up, // Toward infinity
                    Zero // Toward zero
                }
                /**
                 * @dev Returns the largest of two numbers.
                 */
                function max(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two numbers.
                 */
                function min(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two numbers. The result is rounded towards
                 * zero.
                 */
                function average(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b) / 2 can overflow.
                    return (a & b) + (a ^ b) / 2;
                }
                /**
                 * @dev Returns the ceiling of the division of two numbers.
                 *
                 * This differs from standard division with `/` in that it rounds up instead
                 * of rounding down.
                 */
                function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b - 1) / b can overflow on addition, so we distribute.
                    return a == 0 ? 0 : (a - 1) / b + 1;
                }
                /**
                 * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
                 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
                 * with further edits by Uniswap Labs also under MIT license.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 result) {
                    unchecked {
                        // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                        // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                        // variables such that product = prod1 * 2^256 + prod0.
                        uint256 prod0; // Least significant 256 bits of the product
                        uint256 prod1; // Most significant 256 bits of the product
                        assembly {
                            let mm := mulmod(x, y, not(0))
                            prod0 := mul(x, y)
                            prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                        }
                        // Handle non-overflow cases, 256 by 256 division.
                        if (prod1 == 0) {
                            return prod0 / denominator;
                        }
                        // Make sure the result is less than 2^256. Also prevents denominator == 0.
                        require(denominator > prod1);
                        ///////////////////////////////////////////////
                        // 512 by 256 division.
                        ///////////////////////////////////////////////
                        // Make division exact by subtracting the remainder from [prod1 prod0].
                        uint256 remainder;
                        assembly {
                            // Compute remainder using mulmod.
                            remainder := mulmod(x, y, denominator)
                            // Subtract 256 bit number from 512 bit number.
                            prod1 := sub(prod1, gt(remainder, prod0))
                            prod0 := sub(prod0, remainder)
                        }
                        // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
                        // See https://cs.stackexchange.com/q/138556/92363.
                        // Does not overflow because the denominator cannot be zero at this stage in the function.
                        uint256 twos = denominator & (~denominator + 1);
                        assembly {
                            // Divide denominator by twos.
                            denominator := div(denominator, twos)
                            // Divide [prod1 prod0] by twos.
                            prod0 := div(prod0, twos)
                            // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                            twos := add(div(sub(0, twos), twos), 1)
                        }
                        // Shift in bits from prod1 into prod0.
                        prod0 |= prod1 * twos;
                        // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                        // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                        // four bits. That is, denominator * inv = 1 mod 2^4.
                        uint256 inverse = (3 * denominator) ^ 2;
                        // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
                        // in modular arithmetic, doubling the correct bits in each step.
                        inverse *= 2 - denominator * inverse; // inverse mod 2^8
                        inverse *= 2 - denominator * inverse; // inverse mod 2^16
                        inverse *= 2 - denominator * inverse; // inverse mod 2^32
                        inverse *= 2 - denominator * inverse; // inverse mod 2^64
                        inverse *= 2 - denominator * inverse; // inverse mod 2^128
                        inverse *= 2 - denominator * inverse; // inverse mod 2^256
                        // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                        // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                        // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                        // is no longer required.
                        result = prod0 * inverse;
                        return result;
                    }
                }
                /**
                 * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator,
                    Rounding rounding
                ) internal pure returns (uint256) {
                    uint256 result = mulDiv(x, y, denominator);
                    if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
                        result += 1;
                    }
                    return result;
                }
                /**
                 * @dev Returns the square root of a number. It the number is not a perfect square, the value is rounded down.
                 *
                 * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
                 */
                function sqrt(uint256 a) internal pure returns (uint256) {
                    if (a == 0) {
                        return 0;
                    }
                    // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
                    // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
                    // `msb(a) <= a < 2*msb(a)`.
                    // We also know that `k`, the position of the most significant bit, is such that `msb(a) = 2**k`.
                    // This gives `2**k < a <= 2**(k+1)` → `2**(k/2) <= sqrt(a) < 2 ** (k/2+1)`.
                    // Using an algorithm similar to the msb conmputation, we are able to compute `result = 2**(k/2)` which is a
                    // good first aproximation of `sqrt(a)` with at least 1 correct bit.
                    uint256 result = 1;
                    uint256 x = a;
                    if (x >> 128 > 0) {
                        x >>= 128;
                        result <<= 64;
                    }
                    if (x >> 64 > 0) {
                        x >>= 64;
                        result <<= 32;
                    }
                    if (x >> 32 > 0) {
                        x >>= 32;
                        result <<= 16;
                    }
                    if (x >> 16 > 0) {
                        x >>= 16;
                        result <<= 8;
                    }
                    if (x >> 8 > 0) {
                        x >>= 8;
                        result <<= 4;
                    }
                    if (x >> 4 > 0) {
                        x >>= 4;
                        result <<= 2;
                    }
                    if (x >> 2 > 0) {
                        result <<= 1;
                    }
                    // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
                    // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
                    // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
                    // into the expected uint128 result.
                    unchecked {
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        return min(result, a / result);
                    }
                }
                /**
                 * @notice Calculates sqrt(a), following the selected rounding direction.
                 */
                function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
                    uint256 result = sqrt(a);
                    if (rounding == Rounding.Up && result * result < a) {
                        result += 1;
                    }
                    return result;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.5.0) (utils/math/SignedMath.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard signed math utilities missing in the Solidity language.
             */
            library SignedMath {
                /**
                 * @dev Returns the largest of two signed numbers.
                 */
                function max(int256 a, int256 b) internal pure returns (int256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two signed numbers.
                 */
                function min(int256 a, int256 b) internal pure returns (int256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two signed numbers without overflow.
                 * The result is rounded towards zero.
                 */
                function average(int256 a, int256 b) internal pure returns (int256) {
                    // Formula from the book "Hacker's Delight"
                    int256 x = (a & b) + ((a ^ b) >> 1);
                    return x + (int256(uint256(x) >> 255) & (a ^ b));
                }
                /**
                 * @dev Returns the absolute unsigned value of a signed value.
                 */
                function abs(int256 n) internal pure returns (uint256) {
                    unchecked {
                        // must be unchecked in order to support `n = type(int256).min`
                        return uint256(n >= 0 ? n : -n);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
            pragma solidity ^0.8.0;
            import "../utils/ContextUpgradeable.sol";
            import "../proxy/utils/Initializable.sol";
            /**
             * @dev Contract module which provides a basic access control mechanism, where
             * there is an account (an owner) that can be granted exclusive access to
             * specific functions.
             *
             * By default, the owner account will be the one that deploys the contract. This
             * can later be changed with {transferOwnership}.
             *
             * This module is used through inheritance. It will make available the modifier
             * `onlyOwner`, which can be applied to your functions to restrict their use to
             * the owner.
             */
            abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
                address private _owner;
                event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
                /**
                 * @dev Initializes the contract setting the deployer as the initial owner.
                 */
                function __Ownable_init() internal onlyInitializing {
                    __Ownable_init_unchained();
                }
                function __Ownable_init_unchained() internal onlyInitializing {
                    _transferOwnership(_msgSender());
                }
                /**
                 * @dev Throws if called by any account other than the owner.
                 */
                modifier onlyOwner() {
                    _checkOwner();
                    _;
                }
                /**
                 * @dev Returns the address of the current owner.
                 */
                function owner() public view virtual returns (address) {
                    return _owner;
                }
                /**
                 * @dev Throws if the sender is not the owner.
                 */
                function _checkOwner() internal view virtual {
                    require(owner() == _msgSender(), "Ownable: caller is not the owner");
                }
                /**
                 * @dev Leaves the contract without owner. It will not be possible to call
                 * `onlyOwner` functions anymore. Can only be called by the current owner.
                 *
                 * NOTE: Renouncing ownership will leave the contract without an owner,
                 * thereby removing any functionality that is only available to the owner.
                 */
                function renounceOwnership() public virtual onlyOwner {
                    _transferOwnership(address(0));
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Can only be called by the current owner.
                 */
                function transferOwnership(address newOwner) public virtual onlyOwner {
                    require(newOwner != address(0), "Ownable: new owner is the zero address");
                    _transferOwnership(newOwner);
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Internal function without access restriction.
                 */
                function _transferOwnership(address newOwner) internal virtual {
                    address oldOwner = _owner;
                    _owner = newOwner;
                    emit OwnershipTransferred(oldOwner, newOwner);
                }
                /**
                 * @dev This empty reserved space is put in place to allow future versions to add new
                 * variables without shifting down storage in the inheritance chain.
                 * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
                 */
                uint256[49] private __gap;
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/AddressUpgradeable.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library AddressUpgradeable {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
            pragma solidity ^0.8.0;
            import "../proxy/utils/Initializable.sol";
            /**
             * @dev Provides information about the current execution context, including the
             * sender of the transaction and its data. While these are generally available
             * via msg.sender and msg.data, they should not be accessed in such a direct
             * manner, since when dealing with meta-transactions the account sending and
             * paying for execution may not be the actual sender (as far as an application
             * is concerned).
             *
             * This contract is only required for intermediate, library-like contracts.
             */
            abstract contract ContextUpgradeable is Initializable {
                function __Context_init() internal onlyInitializing {
                }
                function __Context_init_unchained() internal onlyInitializing {
                }
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
                /**
                 * @dev This empty reserved space is put in place to allow future versions to add new
                 * variables without shifting down storage in the inheritance chain.
                 * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
                 */
                uint256[50] private __gap;
            }
            // SPDX-License-Identifier: MIT
            pragma solidity >=0.8.0;
            /// @notice Arithmetic library with operations for fixed-point numbers.
            /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/FixedPointMathLib.sol)
            library FixedPointMathLib {
                /*//////////////////////////////////////////////////////////////
                                SIMPLIFIED FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s.
                function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down.
                }
                function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up.
                }
                function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down.
                }
                function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up.
                }
                function powWad(int256 x, int256 y) internal pure returns (int256) {
                    // Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y)
                    return expWad((lnWad(x) * y) / int256(WAD)); // Using ln(x) means x must be greater than 0.
                }
                function expWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        // When the result is < 0.5 we return zero. This happens when
                        // x <= floor(log(0.5e18) * 1e18) ~ -42e18
                        if (x <= -42139678854452767551) return 0;
                        // When the result is > (2**255 - 1) / 1e18 we can not represent it as an
                        // int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135.
                        if (x >= 135305999368893231589) revert("EXP_OVERFLOW");
                        // x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96
                        // for more intermediate precision and a binary basis. This base conversion
                        // is a multiplication by 1e18 / 2**96 = 5**18 / 2**78.
                        x = (x << 78) / 5**18;
                        // Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers
                        // of two such that exp(x) = exp(x') * 2**k, where k is an integer.
                        // Solving this gives k = round(x / log(2)) and x' = x - k * log(2).
                        int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;
                        x = x - k * 54916777467707473351141471128;
                        // k is in the range [-61, 195].
                        // Evaluate using a (6, 7)-term rational approximation.
                        // p is made monic, we'll multiply by a scale factor later.
                        int256 y = x + 1346386616545796478920950773328;
                        y = ((y * x) >> 96) + 57155421227552351082224309758442;
                        int256 p = y + x - 94201549194550492254356042504812;
                        p = ((p * y) >> 96) + 28719021644029726153956944680412240;
                        p = p * x + (4385272521454847904659076985693276 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        int256 q = x - 2855989394907223263936484059900;
                        q = ((q * x) >> 96) + 50020603652535783019961831881945;
                        q = ((q * x) >> 96) - 533845033583426703283633433725380;
                        q = ((q * x) >> 96) + 3604857256930695427073651918091429;
                        q = ((q * x) >> 96) - 14423608567350463180887372962807573;
                        q = ((q * x) >> 96) + 26449188498355588339934803723976023;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial won't have zeros in the domain as all its roots are complex.
                            // No scaling is necessary because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r should be in the range (0.09, 0.25) * 2**96.
                        // We now need to multiply r by:
                        // * the scale factor s = ~6.031367120.
                        // * the 2**k factor from the range reduction.
                        // * the 1e18 / 2**96 factor for base conversion.
                        // We do this all at once, with an intermediate result in 2**213
                        // basis, so the final right shift is always by a positive amount.
                        r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k));
                    }
                }
                function lnWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        require(x > 0, "UNDEFINED");
                        // We want to convert x from 10**18 fixed point to 2**96 fixed point.
                        // We do this by multiplying by 2**96 / 10**18. But since
                        // ln(x * C) = ln(x) + ln(C), we can simply do nothing here
                        // and add ln(2**96 / 10**18) at the end.
                        // Reduce range of x to (1, 2) * 2**96
                        // ln(2^k * x) = k * ln(2) + ln(x)
                        int256 k = int256(log2(uint256(x))) - 96;
                        x <<= uint256(159 - k);
                        x = int256(uint256(x) >> 159);
                        // Evaluate using a (8, 8)-term rational approximation.
                        // p is made monic, we will multiply by a scale factor later.
                        int256 p = x + 3273285459638523848632254066296;
                        p = ((p * x) >> 96) + 24828157081833163892658089445524;
                        p = ((p * x) >> 96) + 43456485725739037958740375743393;
                        p = ((p * x) >> 96) - 11111509109440967052023855526967;
                        p = ((p * x) >> 96) - 45023709667254063763336534515857;
                        p = ((p * x) >> 96) - 14706773417378608786704636184526;
                        p = p * x - (795164235651350426258249787498 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        // q is monic by convention.
                        int256 q = x + 5573035233440673466300451813936;
                        q = ((q * x) >> 96) + 71694874799317883764090561454958;
                        q = ((q * x) >> 96) + 283447036172924575727196451306956;
                        q = ((q * x) >> 96) + 401686690394027663651624208769553;
                        q = ((q * x) >> 96) + 204048457590392012362485061816622;
                        q = ((q * x) >> 96) + 31853899698501571402653359427138;
                        q = ((q * x) >> 96) + 909429971244387300277376558375;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial is known not to have zeros in the domain.
                            // No scaling required because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r is in the range (0, 0.125) * 2**96
                        // Finalization, we need to:
                        // * multiply by the scale factor s = 5.549…
                        // * add ln(2**96 / 10**18)
                        // * add k * ln(2)
                        // * multiply by 10**18 / 2**96 = 5**18 >> 78
                        // mul s * 5e18 * 2**96, base is now 5**18 * 2**192
                        r *= 1677202110996718588342820967067443963516166;
                        // add ln(2) * k * 5e18 * 2**192
                        r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k;
                        // add ln(2**96 / 10**18) * 5e18 * 2**192
                        r += 600920179829731861736702779321621459595472258049074101567377883020018308;
                        // base conversion: mul 2**18 / 2**192
                        r >>= 174;
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                LOW LEVEL FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                function mulDivDown(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // Divide z by the denominator.
                        z := div(z, denominator)
                    }
                }
                function mulDivUp(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // First, divide z - 1 by the denominator and add 1.
                        // We allow z - 1 to underflow if z is 0, because we multiply the
                        // end result by 0 if z is zero, ensuring we return 0 if z is zero.
                        z := mul(iszero(iszero(z)), add(div(sub(z, 1), denominator), 1))
                    }
                }
                function rpow(
                    uint256 x,
                    uint256 n,
                    uint256 scalar
                ) internal pure returns (uint256 z) {
                    assembly {
                        switch x
                        case 0 {
                            switch n
                            case 0 {
                                // 0 ** 0 = 1
                                z := scalar
                            }
                            default {
                                // 0 ** n = 0
                                z := 0
                            }
                        }
                        default {
                            switch mod(n, 2)
                            case 0 {
                                // If n is even, store scalar in z for now.
                                z := scalar
                            }
                            default {
                                // If n is odd, store x in z for now.
                                z := x
                            }
                            // Shifting right by 1 is like dividing by 2.
                            let half := shr(1, scalar)
                            for {
                                // Shift n right by 1 before looping to halve it.
                                n := shr(1, n)
                            } n {
                                // Shift n right by 1 each iteration to halve it.
                                n := shr(1, n)
                            } {
                                // Revert immediately if x ** 2 would overflow.
                                // Equivalent to iszero(eq(div(xx, x), x)) here.
                                if shr(128, x) {
                                    revert(0, 0)
                                }
                                // Store x squared.
                                let xx := mul(x, x)
                                // Round to the nearest number.
                                let xxRound := add(xx, half)
                                // Revert if xx + half overflowed.
                                if lt(xxRound, xx) {
                                    revert(0, 0)
                                }
                                // Set x to scaled xxRound.
                                x := div(xxRound, scalar)
                                // If n is even:
                                if mod(n, 2) {
                                    // Compute z * x.
                                    let zx := mul(z, x)
                                    // If z * x overflowed:
                                    if iszero(eq(div(zx, x), z)) {
                                        // Revert if x is non-zero.
                                        if iszero(iszero(x)) {
                                            revert(0, 0)
                                        }
                                    }
                                    // Round to the nearest number.
                                    let zxRound := add(zx, half)
                                    // Revert if zx + half overflowed.
                                    if lt(zxRound, zx) {
                                        revert(0, 0)
                                    }
                                    // Return properly scaled zxRound.
                                    z := div(zxRound, scalar)
                                }
                            }
                        }
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                    GENERAL NUMBER UTILITIES
                //////////////////////////////////////////////////////////////*/
                function sqrt(uint256 x) internal pure returns (uint256 z) {
                    assembly {
                        let y := x // We start y at x, which will help us make our initial estimate.
                        z := 181 // The "correct" value is 1, but this saves a multiplication later.
                        // This segment is to get a reasonable initial estimate for the Babylonian method. With a bad
                        // start, the correct # of bits increases ~linearly each iteration instead of ~quadratically.
                        // We check y >= 2^(k + 8) but shift right by k bits
                        // each branch to ensure that if x >= 256, then y >= 256.
                        if iszero(lt(y, 0x10000000000000000000000000000000000)) {
                            y := shr(128, y)
                            z := shl(64, z)
                        }
                        if iszero(lt(y, 0x1000000000000000000)) {
                            y := shr(64, y)
                            z := shl(32, z)
                        }
                        if iszero(lt(y, 0x10000000000)) {
                            y := shr(32, y)
                            z := shl(16, z)
                        }
                        if iszero(lt(y, 0x1000000)) {
                            y := shr(16, y)
                            z := shl(8, z)
                        }
                        // Goal was to get z*z*y within a small factor of x. More iterations could
                        // get y in a tighter range. Currently, we will have y in [256, 256*2^16).
                        // We ensured y >= 256 so that the relative difference between y and y+1 is small.
                        // That's not possible if x < 256 but we can just verify those cases exhaustively.
                        // Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256.
                        // Correctness can be checked exhaustively for x < 256, so we assume y >= 256.
                        // Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps.
                        // For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range
                        // (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256.
                        // Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate
                        // sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18.
                        // There is no overflow risk here since y < 2^136 after the first branch above.
                        z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181.
                        // Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough.
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        // If x+1 is a perfect square, the Babylonian method cycles between
                        // floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor.
                        // See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division
                        // Since the ceil is rare, we save gas on the assignment and repeat division in the rare case.
                        // If you don't care whether the floor or ceil square root is returned, you can remove this statement.
                        z := sub(z, lt(div(x, z), z))
                    }
                }
                function log2(uint256 x) internal pure returns (uint256 r) {
                    require(x > 0, "UNDEFINED");
                    assembly {
                        r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x))
                        r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
                        r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
                        r := or(r, shl(4, lt(0xffff, shr(r, x))))
                        r := or(r, shl(3, lt(0xff, shr(r, x))))
                        r := or(r, shl(2, lt(0xf, shr(r, x))))
                        r := or(r, shl(1, lt(0x3, shr(r, x))))
                        r := or(r, lt(0x1, shr(r, x)))
                    }
                }
            }
            

            File 7 of 8: Proxy
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /**
             * @title Proxy
             * @notice Proxy is a transparent proxy that passes through the call if the caller is the owner or
             *         if the caller is address(0), meaning that the call originated from an off-chain
             *         simulation.
             */
            contract Proxy {
                /**
                 * @notice The storage slot that holds the address of the implementation.
                 *         bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)
                 */
                bytes32 internal constant IMPLEMENTATION_KEY =
                    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
                /**
                 * @notice The storage slot that holds the address of the owner.
                 *         bytes32(uint256(keccak256('eip1967.proxy.admin')) - 1)
                 */
                bytes32 internal constant OWNER_KEY =
                    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
                /**
                 * @notice An event that is emitted each time the implementation is changed. This event is part
                 *         of the EIP-1967 specification.
                 *
                 * @param implementation The address of the implementation contract
                 */
                event Upgraded(address indexed implementation);
                /**
                 * @notice An event that is emitted each time the owner is upgraded. This event is part of the
                 *         EIP-1967 specification.
                 *
                 * @param previousAdmin The previous owner of the contract
                 * @param newAdmin      The new owner of the contract
                 */
                event AdminChanged(address previousAdmin, address newAdmin);
                /**
                 * @notice A modifier that reverts if not called by the owner or by address(0) to allow
                 *         eth_call to interact with this proxy without needing to use low-level storage
                 *         inspection. We assume that nobody is able to trigger calls from address(0) during
                 *         normal EVM execution.
                 */
                modifier proxyCallIfNotAdmin() {
                    if (msg.sender == _getAdmin() || msg.sender == address(0)) {
                        _;
                    } else {
                        // This WILL halt the call frame on completion.
                        _doProxyCall();
                    }
                }
                /**
                 * @notice Sets the initial admin during contract deployment. Admin address is stored at the
                 *         EIP-1967 admin storage slot so that accidental storage collision with the
                 *         implementation is not possible.
                 *
                 * @param _admin Address of the initial contract admin. Admin as the ability to access the
                 *               transparent proxy interface.
                 */
                constructor(address _admin) {
                    _changeAdmin(_admin);
                }
                // slither-disable-next-line locked-ether
                receive() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                // slither-disable-next-line locked-ether
                fallback() external payable {
                    // Proxy call by default.
                    _doProxyCall();
                }
                /**
                 * @notice Set the implementation contract address. The code at the given address will execute
                 *         when this contract is called.
                 *
                 * @param _implementation Address of the implementation contract.
                 */
                function upgradeTo(address _implementation) public virtual proxyCallIfNotAdmin {
                    _setImplementation(_implementation);
                }
                /**
                 * @notice Set the implementation and call a function in a single transaction. Useful to ensure
                 *         atomic execution of initialization-based upgrades.
                 *
                 * @param _implementation Address of the implementation contract.
                 * @param _data           Calldata to delegatecall the new implementation with.
                 */
                function upgradeToAndCall(address _implementation, bytes calldata _data)
                    public
                    payable
                    virtual
                    proxyCallIfNotAdmin
                    returns (bytes memory)
                {
                    _setImplementation(_implementation);
                    (bool success, bytes memory returndata) = _implementation.delegatecall(_data);
                    require(success, "Proxy: delegatecall to new implementation contract failed");
                    return returndata;
                }
                /**
                 * @notice Changes the owner of the proxy contract. Only callable by the owner.
                 *
                 * @param _admin New owner of the proxy contract.
                 */
                function changeAdmin(address _admin) public virtual proxyCallIfNotAdmin {
                    _changeAdmin(_admin);
                }
                /**
                 * @notice Gets the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function admin() public virtual proxyCallIfNotAdmin returns (address) {
                    return _getAdmin();
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function implementation() public virtual proxyCallIfNotAdmin returns (address) {
                    return _getImplementation();
                }
                /**
                 * @notice Sets the implementation address.
                 *
                 * @param _implementation New implementation address.
                 */
                function _setImplementation(address _implementation) internal {
                    assembly {
                        sstore(IMPLEMENTATION_KEY, _implementation)
                    }
                    emit Upgraded(_implementation);
                }
                /**
                 * @notice Changes the owner of the proxy contract.
                 *
                 * @param _admin New owner of the proxy contract.
                 */
                function _changeAdmin(address _admin) internal {
                    address previous = _getAdmin();
                    assembly {
                        sstore(OWNER_KEY, _admin)
                    }
                    emit AdminChanged(previous, _admin);
                }
                /**
                 * @notice Performs the proxy call via a delegatecall.
                 */
                function _doProxyCall() internal {
                    address impl = _getImplementation();
                    require(impl != address(0), "Proxy: implementation not initialized");
                    assembly {
                        // Copy calldata into memory at 0x0....calldatasize.
                        calldatacopy(0x0, 0x0, calldatasize())
                        // Perform the delegatecall, make sure to pass all available gas.
                        let success := delegatecall(gas(), impl, 0x0, calldatasize(), 0x0, 0x0)
                        // Copy returndata into memory at 0x0....returndatasize. Note that this *will*
                        // overwrite the calldata that we just copied into memory but that doesn't really
                        // matter because we'll be returning in a second anyway.
                        returndatacopy(0x0, 0x0, returndatasize())
                        // Success == 0 means a revert. We'll revert too and pass the data up.
                        if iszero(success) {
                            revert(0x0, returndatasize())
                        }
                        // Otherwise we'll just return and pass the data up.
                        return(0x0, returndatasize())
                    }
                }
                /**
                 * @notice Queries the implementation address.
                 *
                 * @return Implementation address.
                 */
                function _getImplementation() internal view returns (address) {
                    address impl;
                    assembly {
                        impl := sload(IMPLEMENTATION_KEY)
                    }
                    return impl;
                }
                /**
                 * @notice Queries the owner of the proxy contract.
                 *
                 * @return Owner address.
                 */
                function _getAdmin() internal view returns (address) {
                    address owner;
                    assembly {
                        owner := sload(OWNER_KEY)
                    }
                    return owner;
                }
            }
            

            File 8 of 8: OptimismPortal
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { SafeCall } from "../libraries/SafeCall.sol";
            import { L2OutputOracle } from "./L2OutputOracle.sol";
            import { SystemConfig } from "./SystemConfig.sol";
            import { Constants } from "../libraries/Constants.sol";
            import { Types } from "../libraries/Types.sol";
            import { Hashing } from "../libraries/Hashing.sol";
            import { SecureMerkleTrie } from "../libraries/trie/SecureMerkleTrie.sol";
            import { AddressAliasHelper } from "../vendor/AddressAliasHelper.sol";
            import { ResourceMetering } from "./ResourceMetering.sol";
            import { Semver } from "../universal/Semver.sol";
            /// @custom:proxied
            /// @title OptimismPortal
            /// @notice The OptimismPortal is a low-level contract responsible for passing messages between L1
            ///         and L2. Messages sent directly to the OptimismPortal have no form of replayability.
            ///         Users are encouraged to use the L1CrossDomainMessenger for a higher-level interface.
            contract OptimismPortal is Initializable, ResourceMetering, Semver {
                /// @notice Represents a proven withdrawal.
                /// @custom:field outputRoot    Root of the L2 output this was proven against.
                /// @custom:field timestamp     Timestamp at whcih the withdrawal was proven.
                /// @custom:field l2OutputIndex Index of the output this was proven against.
                struct ProvenWithdrawal {
                    bytes32 outputRoot;
                    uint128 timestamp;
                    uint128 l2OutputIndex;
                }
                /// @notice Version of the deposit event.
                uint256 internal constant DEPOSIT_VERSION = 0;
                /// @notice The L2 gas limit set when eth is deposited using the receive() function.
                uint64 internal constant RECEIVE_DEFAULT_GAS_LIMIT = 100_000;
                /// @notice Address of the L2OutputOracle contract.
                L2OutputOracle public immutable L2_ORACLE;
                /// @notice Address of the SystemConfig contract.
                SystemConfig public immutable SYSTEM_CONFIG;
                /// @notice Address that has the ability to pause and unpause withdrawals.
                address public immutable GUARDIAN;
                /// @notice Address of the L2 account which initiated a withdrawal in this transaction.
                ///         If the of this variable is the default L2 sender address, then we are NOT inside of
                ///         a call to finalizeWithdrawalTransaction.
                address public l2Sender;
                /// @notice A list of withdrawal hashes which have been successfully finalized.
                mapping(bytes32 => bool) public finalizedWithdrawals;
                /// @notice A mapping of withdrawal hashes to `ProvenWithdrawal` data.
                mapping(bytes32 => ProvenWithdrawal) public provenWithdrawals;
                /// @notice Determines if cross domain messaging is paused.
                ///         When set to true, withdrawals are paused.
                ///         This may be removed in the future.
                bool public paused;
                /// @notice Emitted when a transaction is deposited from L1 to L2.
                ///         The parameters of this event are read by the rollup node and used to derive deposit
                ///         transactions on L2.
                /// @param from       Address that triggered the deposit transaction.
                /// @param to         Address that the deposit transaction is directed to.
                /// @param version    Version of this deposit transaction event.
                /// @param opaqueData ABI encoded deposit data to be parsed off-chain.
                event TransactionDeposited(
                    address indexed from,
                    address indexed to,
                    uint256 indexed version,
                    bytes opaqueData
                );
                /// @notice Emitted when a withdrawal transaction is proven.
                /// @param withdrawalHash Hash of the withdrawal transaction.
                /// @param from           Address that triggered the withdrawal transaction.
                /// @param to             Address that the withdrawal transaction is directed to.
                event WithdrawalProven(
                    bytes32 indexed withdrawalHash,
                    address indexed from,
                    address indexed to
                );
                /// @notice Emitted when a withdrawal transaction is finalized.
                /// @param withdrawalHash Hash of the withdrawal transaction.
                /// @param success        Whether the withdrawal transaction was successful.
                event WithdrawalFinalized(bytes32 indexed withdrawalHash, bool success);
                /// @notice Emitted when the pause is triggered.
                /// @param account Address of the account triggering the pause.
                event Paused(address account);
                /// @notice Emitted when the pause is lifted.
                /// @param account Address of the account triggering the unpause.
                event Unpaused(address account);
                /// @notice Reverts when paused.
                modifier whenNotPaused() {
                    require(paused == false, "OptimismPortal: paused");
                    _;
                }
                /// @custom:semver 1.7.2
                /// @notice Constructs the OptimismPortal contract.
                /// @param _l2Oracle Address of the L2OutputOracle contract.
                /// @param _guardian Address that can pause withdrawals.
                /// @param _paused Sets the contract's pausability state.
                /// @param _config Address of the SystemConfig contract.
                constructor(
                    L2OutputOracle _l2Oracle,
                    address _guardian,
                    bool _paused,
                    SystemConfig _config
                ) Semver(1, 7, 2) {
                    L2_ORACLE = _l2Oracle;
                    GUARDIAN = _guardian;
                    SYSTEM_CONFIG = _config;
                    initialize(_paused);
                }
                /// @notice Initializer.
                function initialize(bool _paused) public initializer {
                    l2Sender = Constants.DEFAULT_L2_SENDER;
                    paused = _paused;
                    __ResourceMetering_init();
                }
                /// @notice Pauses withdrawals.
                function pause() external {
                    require(msg.sender == GUARDIAN, "OptimismPortal: only guardian can pause");
                    paused = true;
                    emit Paused(msg.sender);
                }
                /// @notice Unpauses withdrawals.
                function unpause() external {
                    require(msg.sender == GUARDIAN, "OptimismPortal: only guardian can unpause");
                    paused = false;
                    emit Unpaused(msg.sender);
                }
                /// @notice Computes the minimum gas limit for a deposit.
                ///         The minimum gas limit linearly increases based on the size of the calldata.
                ///         This is to prevent users from creating L2 resource usage without paying for it.
                ///         This function can be used when interacting with the portal to ensure forwards
                ///         compatibility.
                /// @param _byteCount Number of bytes in the calldata.
                /// @return The minimum gas limit for a deposit.
                function minimumGasLimit(uint64 _byteCount) public pure returns (uint64) {
                    return _byteCount * 16 + 21000;
                }
                /// @notice Accepts value so that users can send ETH directly to this contract and have the
                ///         funds be deposited to their address on L2. This is intended as a convenience
                ///         function for EOAs. Contracts should call the depositTransaction() function directly
                ///         otherwise any deposited funds will be lost due to address aliasing.
                // solhint-disable-next-line ordering
                receive() external payable {
                    depositTransaction(msg.sender, msg.value, RECEIVE_DEFAULT_GAS_LIMIT, false, bytes(""));
                }
                /// @notice Accepts ETH value without triggering a deposit to L2.
                ///         This function mainly exists for the sake of the migration between the legacy
                ///         Optimism system and Bedrock.
                function donateETH() external payable {
                    // Intentionally empty.
                }
                /// @notice Getter for the resource config.
                ///         Used internally by the ResourceMetering contract.
                ///         The SystemConfig is the source of truth for the resource config.
                /// @return ResourceMetering ResourceConfig
                function _resourceConfig()
                    internal
                    view
                    override
                    returns (ResourceMetering.ResourceConfig memory)
                {
                    return SYSTEM_CONFIG.resourceConfig();
                }
                /// @notice Proves a withdrawal transaction.
                /// @param _tx              Withdrawal transaction to finalize.
                /// @param _l2OutputIndex   L2 output index to prove against.
                /// @param _outputRootProof Inclusion proof of the L2ToL1MessagePasser contract's storage root.
                /// @param _withdrawalProof Inclusion proof of the withdrawal in L2ToL1MessagePasser contract.
                function proveWithdrawalTransaction(
                    Types.WithdrawalTransaction memory _tx,
                    uint256 _l2OutputIndex,
                    Types.OutputRootProof calldata _outputRootProof,
                    bytes[] calldata _withdrawalProof
                ) external whenNotPaused {
                    // Prevent users from creating a deposit transaction where this address is the message
                    // sender on L2. Because this is checked here, we do not need to check again in
                    // `finalizeWithdrawalTransaction`.
                    require(
                        _tx.target != address(this),
                        "OptimismPortal: you cannot send messages to the portal contract"
                    );
                    // Get the output root and load onto the stack to prevent multiple mloads. This will
                    // revert if there is no output root for the given block number.
                    bytes32 outputRoot = L2_ORACLE.getL2Output(_l2OutputIndex).outputRoot;
                    // Verify that the output root can be generated with the elements in the proof.
                    require(
                        outputRoot == Hashing.hashOutputRootProof(_outputRootProof),
                        "OptimismPortal: invalid output root proof"
                    );
                    // Load the ProvenWithdrawal into memory, using the withdrawal hash as a unique identifier.
                    bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx);
                    ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash];
                    // We generally want to prevent users from proving the same withdrawal multiple times
                    // because each successive proof will update the timestamp. A malicious user can take
                    // advantage of this to prevent other users from finalizing their withdrawal. However,
                    // since withdrawals are proven before an output root is finalized, we need to allow users
                    // to re-prove their withdrawal only in the case that the output root for their specified
                    // output index has been updated.
                    require(
                        provenWithdrawal.timestamp == 0 ||
                            L2_ORACLE.getL2Output(provenWithdrawal.l2OutputIndex).outputRoot !=
                            provenWithdrawal.outputRoot,
                        "OptimismPortal: withdrawal hash has already been proven"
                    );
                    // Compute the storage slot of the withdrawal hash in the L2ToL1MessagePasser contract.
                    // Refer to the Solidity documentation for more information on how storage layouts are
                    // computed for mappings.
                    bytes32 storageKey = keccak256(
                        abi.encode(
                            withdrawalHash,
                            uint256(0) // The withdrawals mapping is at the first slot in the layout.
                        )
                    );
                    // Verify that the hash of this withdrawal was stored in the L2toL1MessagePasser contract
                    // on L2. If this is true, under the assumption that the SecureMerkleTrie does not have
                    // bugs, then we know that this withdrawal was actually triggered on L2 and can therefore
                    // be relayed on L1.
                    require(
                        SecureMerkleTrie.verifyInclusionProof(
                            abi.encode(storageKey),
                            hex"01",
                            _withdrawalProof,
                            _outputRootProof.messagePasserStorageRoot
                        ),
                        "OptimismPortal: invalid withdrawal inclusion proof"
                    );
                    // Designate the withdrawalHash as proven by storing the `outputRoot`, `timestamp`, and
                    // `l2BlockNumber` in the `provenWithdrawals` mapping. A `withdrawalHash` can only be
                    // proven once unless it is submitted again with a different outputRoot.
                    provenWithdrawals[withdrawalHash] = ProvenWithdrawal({
                        outputRoot: outputRoot,
                        timestamp: uint128(block.timestamp),
                        l2OutputIndex: uint128(_l2OutputIndex)
                    });
                    // Emit a `WithdrawalProven` event.
                    emit WithdrawalProven(withdrawalHash, _tx.sender, _tx.target);
                }
                /// @notice Finalizes a withdrawal transaction.
                /// @param _tx Withdrawal transaction to finalize.
                function finalizeWithdrawalTransaction(Types.WithdrawalTransaction memory _tx)
                    external
                    whenNotPaused
                {
                    // Make sure that the l2Sender has not yet been set. The l2Sender is set to a value other
                    // than the default value when a withdrawal transaction is being finalized. This check is
                    // a defacto reentrancy guard.
                    require(
                        l2Sender == Constants.DEFAULT_L2_SENDER,
                        "OptimismPortal: can only trigger one withdrawal per transaction"
                    );
                    // Grab the proven withdrawal from the `provenWithdrawals` map.
                    bytes32 withdrawalHash = Hashing.hashWithdrawal(_tx);
                    ProvenWithdrawal memory provenWithdrawal = provenWithdrawals[withdrawalHash];
                    // A withdrawal can only be finalized if it has been proven. We know that a withdrawal has
                    // been proven at least once when its timestamp is non-zero. Unproven withdrawals will have
                    // a timestamp of zero.
                    require(
                        provenWithdrawal.timestamp != 0,
                        "OptimismPortal: withdrawal has not been proven yet"
                    );
                    // As a sanity check, we make sure that the proven withdrawal's timestamp is greater than
                    // starting timestamp inside the L2OutputOracle. Not strictly necessary but extra layer of
                    // safety against weird bugs in the proving step.
                    require(
                        provenWithdrawal.timestamp >= L2_ORACLE.startingTimestamp(),
                        "OptimismPortal: withdrawal timestamp less than L2 Oracle starting timestamp"
                    );
                    // A proven withdrawal must wait at least the finalization period before it can be
                    // finalized. This waiting period can elapse in parallel with the waiting period for the
                    // output the withdrawal was proven against. In effect, this means that the minimum
                    // withdrawal time is proposal submission time + finalization period.
                    require(
                        _isFinalizationPeriodElapsed(provenWithdrawal.timestamp),
                        "OptimismPortal: proven withdrawal finalization period has not elapsed"
                    );
                    // Grab the OutputProposal from the L2OutputOracle, will revert if the output that
                    // corresponds to the given index has not been proposed yet.
                    Types.OutputProposal memory proposal = L2_ORACLE.getL2Output(
                        provenWithdrawal.l2OutputIndex
                    );
                    // Check that the output root that was used to prove the withdrawal is the same as the
                    // current output root for the given output index. An output root may change if it is
                    // deleted by the challenger address and then re-proposed.
                    require(
                        proposal.outputRoot == provenWithdrawal.outputRoot,
                        "OptimismPortal: output root proven is not the same as current output root"
                    );
                    // Check that the output proposal has also been finalized.
                    require(
                        _isFinalizationPeriodElapsed(proposal.timestamp),
                        "OptimismPortal: output proposal finalization period has not elapsed"
                    );
                    // Check that this withdrawal has not already been finalized, this is replay protection.
                    require(
                        finalizedWithdrawals[withdrawalHash] == false,
                        "OptimismPortal: withdrawal has already been finalized"
                    );
                    // Mark the withdrawal as finalized so it can't be replayed.
                    finalizedWithdrawals[withdrawalHash] = true;
                    // Set the l2Sender so contracts know who triggered this withdrawal on L2.
                    l2Sender = _tx.sender;
                    // Trigger the call to the target contract. We use a custom low level method
                    // SafeCall.callWithMinGas to ensure two key properties
                    //   1. Target contracts cannot force this call to run out of gas by returning a very large
                    //      amount of data (and this is OK because we don't care about the returndata here).
                    //   2. The amount of gas provided to the execution context of the target is at least the
                    //      gas limit specified by the user. If there is not enough gas in the current context
                    //      to accomplish this, `callWithMinGas` will revert.
                    bool success = SafeCall.callWithMinGas(_tx.target, _tx.gasLimit, _tx.value, _tx.data);
                    // Reset the l2Sender back to the default value.
                    l2Sender = Constants.DEFAULT_L2_SENDER;
                    // All withdrawals are immediately finalized. Replayability can
                    // be achieved through contracts built on top of this contract
                    emit WithdrawalFinalized(withdrawalHash, success);
                    // Reverting here is useful for determining the exact gas cost to successfully execute the
                    // sub call to the target contract if the minimum gas limit specified by the user would not
                    // be sufficient to execute the sub call.
                    if (success == false && tx.origin == Constants.ESTIMATION_ADDRESS) {
                        revert("OptimismPortal: withdrawal failed");
                    }
                }
                /// @notice Accepts deposits of ETH and data, and emits a TransactionDeposited event for use in
                ///         deriving deposit transactions. Note that if a deposit is made by a contract, its
                ///         address will be aliased when retrieved using `tx.origin` or `msg.sender`. Consider
                ///         using the CrossDomainMessenger contracts for a simpler developer experience.
                /// @param _to         Target address on L2.
                /// @param _value      ETH value to send to the recipient.
                /// @param _gasLimit   Amount of L2 gas to purchase by burning gas on L1.
                /// @param _isCreation Whether or not the transaction is a contract creation.
                /// @param _data       Data to trigger the recipient with.
                function depositTransaction(
                    address _to,
                    uint256 _value,
                    uint64 _gasLimit,
                    bool _isCreation,
                    bytes memory _data
                ) public payable metered(_gasLimit) {
                    // Just to be safe, make sure that people specify address(0) as the target when doing
                    // contract creations.
                    if (_isCreation) {
                        require(
                            _to == address(0),
                            "OptimismPortal: must send to address(0) when creating a contract"
                        );
                    }
                    // Prevent depositing transactions that have too small of a gas limit. Users should pay
                    // more for more resource usage.
                    require(
                        _gasLimit >= minimumGasLimit(uint64(_data.length)),
                        "OptimismPortal: gas limit too small"
                    );
                    // Prevent the creation of deposit transactions that have too much calldata. This gives an
                    // upper limit on the size of unsafe blocks over the p2p network. 120kb is chosen to ensure
                    // that the transaction can fit into the p2p network policy of 128kb even though deposit
                    // transactions are not gossipped over the p2p network.
                    require(_data.length <= 120_000, "OptimismPortal: data too large");
                    // Transform the from-address to its alias if the caller is a contract.
                    address from = msg.sender;
                    if (msg.sender != tx.origin) {
                        from = AddressAliasHelper.applyL1ToL2Alias(msg.sender);
                    }
                    // Compute the opaque data that will be emitted as part of the TransactionDeposited event.
                    // We use opaque data so that we can update the TransactionDeposited event in the future
                    // without breaking the current interface.
                    bytes memory opaqueData = abi.encodePacked(
                        msg.value,
                        _value,
                        _gasLimit,
                        _isCreation,
                        _data
                    );
                    // Emit a TransactionDeposited event so that the rollup node can derive a deposit
                    // transaction for this deposit.
                    emit TransactionDeposited(from, _to, DEPOSIT_VERSION, opaqueData);
                }
                /// @notice Determine if a given output is finalized.
                ///         Reverts if the call to L2_ORACLE.getL2Output reverts.
                ///         Returns a boolean otherwise.
                /// @param _l2OutputIndex Index of the L2 output to check.
                /// @return Whether or not the output is finalized.
                function isOutputFinalized(uint256 _l2OutputIndex) external view returns (bool) {
                    return _isFinalizationPeriodElapsed(L2_ORACLE.getL2Output(_l2OutputIndex).timestamp);
                }
                /// @notice Determines whether the finalization period has elapsed with respect to
                ///         the provided block timestamp.
                /// @param _timestamp Timestamp to check.
                /// @return Whether or not the finalization period has elapsed.
                function _isFinalizationPeriodElapsed(uint256 _timestamp) internal view returns (bool) {
                    return block.timestamp > _timestamp + L2_ORACLE.FINALIZATION_PERIOD_SECONDS();
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/Address.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!Address.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /// @title SafeCall
            /// @notice Perform low level safe calls
            library SafeCall {
                /// @notice Performs a low level call without copying any returndata.
                /// @dev Passes no calldata to the call context.
                /// @param _target   Address to call
                /// @param _gas      Amount of gas to pass to the call
                /// @param _value    Amount of value to pass to the call
                function send(
                    address _target,
                    uint256 _gas,
                    uint256 _value
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        _success := call(
                            _gas, // gas
                            _target, // recipient
                            _value, // ether value
                            0, // inloc
                            0, // inlen
                            0, // outloc
                            0 // outlen
                        )
                    }
                    return _success;
                }
                /// @notice Perform a low level call without copying any returndata
                /// @param _target   Address to call
                /// @param _gas      Amount of gas to pass to the call
                /// @param _value    Amount of value to pass to the call
                /// @param _calldata Calldata to pass to the call
                function call(
                    address _target,
                    uint256 _gas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    assembly {
                        _success := call(
                            _gas, // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0, // outloc
                            0 // outlen
                        )
                    }
                    return _success;
                }
                /// @notice Helper function to determine if there is sufficient gas remaining within the context
                ///         to guarantee that the minimum gas requirement for a call will be met as well as
                ///         optionally reserving a specified amount of gas for after the call has concluded.
                /// @param _minGas      The minimum amount of gas that may be passed to the target context.
                /// @param _reservedGas Optional amount of gas to reserve for the caller after the execution
                ///                     of the target context.
                /// @return `true` if there is enough gas remaining to safely supply `_minGas` to the target
                ///         context as well as reserve `_reservedGas` for the caller after the execution of
                ///         the target context.
                /// @dev !!!!! FOOTGUN ALERT !!!!!
                ///      1.) The 40_000 base buffer is to account for the worst case of the dynamic cost of the
                ///          `CALL` opcode's `address_access_cost`, `positive_value_cost`, and
                ///          `value_to_empty_account_cost` factors with an added buffer of 5,700 gas. It is
                ///          still possible to self-rekt by initiating a withdrawal with a minimum gas limit
                ///          that does not account for the `memory_expansion_cost` & `code_execution_cost`
                ///          factors of the dynamic cost of the `CALL` opcode.
                ///      2.) This function should *directly* precede the external call if possible. There is an
                ///          added buffer to account for gas consumed between this check and the call, but it
                ///          is only 5,700 gas.
                ///      3.) Because EIP-150 ensures that a maximum of 63/64ths of the remaining gas in the call
                ///          frame may be passed to a subcontext, we need to ensure that the gas will not be
                ///          truncated.
                ///      4.) Use wisely. This function is not a silver bullet.
                function hasMinGas(uint256 _minGas, uint256 _reservedGas) internal view returns (bool) {
                    bool _hasMinGas;
                    assembly {
                        // Equation: gas × 63 ≥ minGas × 64 + 63(40_000 + reservedGas)
                        _hasMinGas := iszero(
                            lt(mul(gas(), 63), add(mul(_minGas, 64), mul(add(40000, _reservedGas), 63)))
                        )
                    }
                    return _hasMinGas;
                }
                /// @notice Perform a low level call without copying any returndata. This function
                ///         will revert if the call cannot be performed with the specified minimum
                ///         gas.
                /// @param _target   Address to call
                /// @param _minGas   The minimum amount of gas that may be passed to the call
                /// @param _value    Amount of value to pass to the call
                /// @param _calldata Calldata to pass to the call
                function callWithMinGas(
                    address _target,
                    uint256 _minGas,
                    uint256 _value,
                    bytes memory _calldata
                ) internal returns (bool) {
                    bool _success;
                    bool _hasMinGas = hasMinGas(_minGas, 0);
                    assembly {
                        // Assertion: gasleft() >= (_minGas * 64) / 63 + 40_000
                        if iszero(_hasMinGas) {
                            // Store the "Error(string)" selector in scratch space.
                            mstore(0, 0x08c379a0)
                            // Store the pointer to the string length in scratch space.
                            mstore(32, 32)
                            // Store the string.
                            //
                            // SAFETY:
                            // - We pad the beginning of the string with two zero bytes as well as the
                            // length (24) to ensure that we override the free memory pointer at offset
                            // 0x40. This is necessary because the free memory pointer is likely to
                            // be greater than 1 byte when this function is called, but it is incredibly
                            // unlikely that it will be greater than 3 bytes. As for the data within
                            // 0x60, it is ensured that it is 0 due to 0x60 being the zero offset.
                            // - It's fine to clobber the free memory pointer, we're reverting.
                            mstore(88, 0x0000185361666543616c6c3a204e6f7420656e6f75676820676173)
                            // Revert with 'Error("SafeCall: Not enough gas")'
                            revert(28, 100)
                        }
                        // The call will be supplied at least ((_minGas * 64) / 63) gas due to the
                        // above assertion. This ensures that, in all circumstances (except for when the
                        // `_minGas` does not account for the `memory_expansion_cost` and `code_execution_cost`
                        // factors of the dynamic cost of the `CALL` opcode), the call will receive at least
                        // the minimum amount of gas specified.
                        _success := call(
                            gas(), // gas
                            _target, // recipient
                            _value, // ether value
                            add(_calldata, 32), // inloc
                            mload(_calldata), // inlen
                            0x00, // outloc
                            0x00 // outlen
                        )
                    }
                    return _success;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { Semver } from "../universal/Semver.sol";
            import { Types } from "../libraries/Types.sol";
            /// @custom:proxied
            /// @title L2OutputOracle
            /// @notice The L2OutputOracle contains an array of L2 state outputs, where each output is a
            ///         commitment to the state of the L2 chain. Other contracts like the OptimismPortal use
            ///         these outputs to verify information about the state of L2.
            contract L2OutputOracle is Initializable, Semver {
                /// @notice The interval in L2 blocks at which checkpoints must be submitted.
                ///         Although this is immutable, it can safely be modified by upgrading the
                ///         implementation contract.
                uint256 public immutable SUBMISSION_INTERVAL;
                /// @notice The time between L2 blocks in seconds. Once set, this value MUST NOT be modified.
                uint256 public immutable L2_BLOCK_TIME;
                /// @notice The address of the challenger. Can be updated via upgrade.
                address public immutable CHALLENGER;
                /// @notice The address of the proposer. Can be updated via upgrade.
                address public immutable PROPOSER;
                /// @notice The minimum time (in seconds) that must elapse before a withdrawal can be finalized.
                uint256 public immutable FINALIZATION_PERIOD_SECONDS;
                /// @notice The number of the first L2 block recorded in this contract.
                uint256 public startingBlockNumber;
                /// @notice The timestamp of the first L2 block recorded in this contract.
                uint256 public startingTimestamp;
                /// @notice An array of L2 output proposals.
                Types.OutputProposal[] internal l2Outputs;
                /// @notice Emitted when an output is proposed.
                /// @param outputRoot    The output root.
                /// @param l2OutputIndex The index of the output in the l2Outputs array.
                /// @param l2BlockNumber The L2 block number of the output root.
                /// @param l1Timestamp   The L1 timestamp when proposed.
                event OutputProposed(
                    bytes32 indexed outputRoot,
                    uint256 indexed l2OutputIndex,
                    uint256 indexed l2BlockNumber,
                    uint256 l1Timestamp
                );
                /// @notice Emitted when outputs are deleted.
                /// @param prevNextOutputIndex Next L2 output index before the deletion.
                /// @param newNextOutputIndex  Next L2 output index after the deletion.
                event OutputsDeleted(uint256 indexed prevNextOutputIndex, uint256 indexed newNextOutputIndex);
                /// @custom:semver 1.3.1
                /// @notice Constructs the L2OutputOracle contract.
                /// @param _submissionInterval  Interval in blocks at which checkpoints must be submitted.
                /// @param _l2BlockTime         The time per L2 block, in seconds.
                /// @param _startingBlockNumber The number of the first L2 block.
                /// @param _startingTimestamp   The timestamp of the first L2 block.
                /// @param _proposer            The address of the proposer.
                /// @param _challenger          The address of the challenger.
                constructor(
                    uint256 _submissionInterval,
                    uint256 _l2BlockTime,
                    uint256 _startingBlockNumber,
                    uint256 _startingTimestamp,
                    address _proposer,
                    address _challenger,
                    uint256 _finalizationPeriodSeconds
                ) Semver(1, 3, 1) {
                    require(_l2BlockTime > 0, "L2OutputOracle: L2 block time must be greater than 0");
                    require(
                        _submissionInterval > 0,
                        "L2OutputOracle: submission interval must be greater than 0"
                    );
                    SUBMISSION_INTERVAL = _submissionInterval;
                    L2_BLOCK_TIME = _l2BlockTime;
                    PROPOSER = _proposer;
                    CHALLENGER = _challenger;
                    FINALIZATION_PERIOD_SECONDS = _finalizationPeriodSeconds;
                    initialize(_startingBlockNumber, _startingTimestamp);
                }
                /// @notice Initializer.
                /// @param _startingBlockNumber Block number for the first recoded L2 block.
                /// @param _startingTimestamp   Timestamp for the first recoded L2 block.
                function initialize(uint256 _startingBlockNumber, uint256 _startingTimestamp)
                    public
                    initializer
                {
                    require(
                        _startingTimestamp <= block.timestamp,
                        "L2OutputOracle: starting L2 timestamp must be less than current time"
                    );
                    startingTimestamp = _startingTimestamp;
                    startingBlockNumber = _startingBlockNumber;
                }
                /// @notice Deletes all output proposals after and including the proposal that corresponds to
                ///         the given output index. Only the challenger address can delete outputs.
                /// @param _l2OutputIndex Index of the first L2 output to be deleted.
                ///                       All outputs after this output will also be deleted.
                // solhint-disable-next-line ordering
                function deleteL2Outputs(uint256 _l2OutputIndex) external {
                    require(
                        msg.sender == CHALLENGER,
                        "L2OutputOracle: only the challenger address can delete outputs"
                    );
                    // Make sure we're not *increasing* the length of the array.
                    require(
                        _l2OutputIndex < l2Outputs.length,
                        "L2OutputOracle: cannot delete outputs after the latest output index"
                    );
                    // Do not allow deleting any outputs that have already been finalized.
                    require(
                        block.timestamp - l2Outputs[_l2OutputIndex].timestamp < FINALIZATION_PERIOD_SECONDS,
                        "L2OutputOracle: cannot delete outputs that have already been finalized"
                    );
                    uint256 prevNextL2OutputIndex = nextOutputIndex();
                    // Use assembly to delete the array elements because Solidity doesn't allow it.
                    assembly {
                        sstore(l2Outputs.slot, _l2OutputIndex)
                    }
                    emit OutputsDeleted(prevNextL2OutputIndex, _l2OutputIndex);
                }
                /// @notice Accepts an outputRoot and the timestamp of the corresponding L2 block.
                ///         The timestamp must be equal to the current value returned by `nextTimestamp()` in
                ///         order to be accepted. This function may only be called by the Proposer.
                /// @param _outputRoot    The L2 output of the checkpoint block.
                /// @param _l2BlockNumber The L2 block number that resulted in _outputRoot.
                /// @param _l1BlockHash   A block hash which must be included in the current chain.
                /// @param _l1BlockNumber The block number with the specified block hash.
                function proposeL2Output(
                    bytes32 _outputRoot,
                    uint256 _l2BlockNumber,
                    bytes32 _l1BlockHash,
                    uint256 _l1BlockNumber
                ) external payable {
                    require(
                        msg.sender == PROPOSER,
                        "L2OutputOracle: only the proposer address can propose new outputs"
                    );
                    require(
                        _l2BlockNumber == nextBlockNumber(),
                        "L2OutputOracle: block number must be equal to next expected block number"
                    );
                    require(
                        computeL2Timestamp(_l2BlockNumber) < block.timestamp,
                        "L2OutputOracle: cannot propose L2 output in the future"
                    );
                    require(
                        _outputRoot != bytes32(0),
                        "L2OutputOracle: L2 output proposal cannot be the zero hash"
                    );
                    if (_l1BlockHash != bytes32(0)) {
                        // This check allows the proposer to propose an output based on a given L1 block,
                        // without fear that it will be reorged out.
                        // It will also revert if the blockheight provided is more than 256 blocks behind the
                        // chain tip (as the hash will return as zero). This does open the door to a griefing
                        // attack in which the proposer's submission is censored until the block is no longer
                        // retrievable, if the proposer is experiencing this attack it can simply leave out the
                        // blockhash value, and delay submission until it is confident that the L1 block is
                        // finalized.
                        require(
                            blockhash(_l1BlockNumber) == _l1BlockHash,
                            "L2OutputOracle: block hash does not match the hash at the expected height"
                        );
                    }
                    emit OutputProposed(_outputRoot, nextOutputIndex(), _l2BlockNumber, block.timestamp);
                    l2Outputs.push(
                        Types.OutputProposal({
                            outputRoot: _outputRoot,
                            timestamp: uint128(block.timestamp),
                            l2BlockNumber: uint128(_l2BlockNumber)
                        })
                    );
                }
                /// @notice Returns an output by index. Needed to return a struct instead of a tuple.
                /// @param _l2OutputIndex Index of the output to return.
                /// @return The output at the given index.
                function getL2Output(uint256 _l2OutputIndex)
                    external
                    view
                    returns (Types.OutputProposal memory)
                {
                    return l2Outputs[_l2OutputIndex];
                }
                /// @notice Returns the index of the L2 output that checkpoints a given L2 block number.
                ///         Uses a binary search to find the first output greater than or equal to the given
                ///         block.
                /// @param _l2BlockNumber L2 block number to find a checkpoint for.
                /// @return Index of the first checkpoint that commits to the given L2 block number.
                function getL2OutputIndexAfter(uint256 _l2BlockNumber) public view returns (uint256) {
                    // Make sure an output for this block number has actually been proposed.
                    require(
                        _l2BlockNumber <= latestBlockNumber(),
                        "L2OutputOracle: cannot get output for a block that has not been proposed"
                    );
                    // Make sure there's at least one output proposed.
                    require(
                        l2Outputs.length > 0,
                        "L2OutputOracle: cannot get output as no outputs have been proposed yet"
                    );
                    // Find the output via binary search, guaranteed to exist.
                    uint256 lo = 0;
                    uint256 hi = l2Outputs.length;
                    while (lo < hi) {
                        uint256 mid = (lo + hi) / 2;
                        if (l2Outputs[mid].l2BlockNumber < _l2BlockNumber) {
                            lo = mid + 1;
                        } else {
                            hi = mid;
                        }
                    }
                    return lo;
                }
                /// @notice Returns the L2 output proposal that checkpoints a given L2 block number.
                ///         Uses a binary search to find the first output greater than or equal to the given
                ///         block.
                /// @param _l2BlockNumber L2 block number to find a checkpoint for.
                /// @return First checkpoint that commits to the given L2 block number.
                function getL2OutputAfter(uint256 _l2BlockNumber)
                    external
                    view
                    returns (Types.OutputProposal memory)
                {
                    return l2Outputs[getL2OutputIndexAfter(_l2BlockNumber)];
                }
                /// @notice Returns the number of outputs that have been proposed.
                ///         Will revert if no outputs have been proposed yet.
                /// @return The number of outputs that have been proposed.
                function latestOutputIndex() external view returns (uint256) {
                    return l2Outputs.length - 1;
                }
                /// @notice Returns the index of the next output to be proposed.
                /// @return The index of the next output to be proposed.
                function nextOutputIndex() public view returns (uint256) {
                    return l2Outputs.length;
                }
                /// @notice Returns the block number of the latest submitted L2 output proposal.
                ///         If no proposals been submitted yet then this function will return the starting
                ///         block number.
                /// @return Latest submitted L2 block number.
                function latestBlockNumber() public view returns (uint256) {
                    return
                        l2Outputs.length == 0
                            ? startingBlockNumber
                            : l2Outputs[l2Outputs.length - 1].l2BlockNumber;
                }
                /// @notice Computes the block number of the next L2 block that needs to be checkpointed.
                /// @return Next L2 block number.
                function nextBlockNumber() public view returns (uint256) {
                    return latestBlockNumber() + SUBMISSION_INTERVAL;
                }
                /// @notice Returns the L2 timestamp corresponding to a given L2 block number.
                /// @param _l2BlockNumber The L2 block number of the target block.
                /// @return L2 timestamp of the given block.
                function computeL2Timestamp(uint256 _l2BlockNumber) public view returns (uint256) {
                    return startingTimestamp + ((_l2BlockNumber - startingBlockNumber) * L2_BLOCK_TIME);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import {
                OwnableUpgradeable
            } from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
            import { Semver } from "../universal/Semver.sol";
            import { ResourceMetering } from "./ResourceMetering.sol";
            /// @title SystemConfig
            /// @notice The SystemConfig contract is used to manage configuration of an Optimism network.
            ///         All configuration is stored on L1 and picked up by L2 as part of the derviation of
            ///         the L2 chain.
            contract SystemConfig is OwnableUpgradeable, Semver {
                /// @notice Enum representing different types of updates.
                /// @custom:value BATCHER              Represents an update to the batcher hash.
                /// @custom:value GAS_CONFIG           Represents an update to txn fee config on L2.
                /// @custom:value GAS_LIMIT            Represents an update to gas limit on L2.
                /// @custom:value UNSAFE_BLOCK_SIGNER  Represents an update to the signer key for unsafe
                ///                                    block distrubution.
                enum UpdateType {
                    BATCHER,
                    GAS_CONFIG,
                    GAS_LIMIT,
                    UNSAFE_BLOCK_SIGNER
                }
                /// @notice Version identifier, used for upgrades.
                uint256 public constant VERSION = 0;
                /// @notice Storage slot that the unsafe block signer is stored at.
                ///         Storing it at this deterministic storage slot allows for decoupling the storage
                ///         layout from the way that `solc` lays out storage. The `op-node` uses a storage
                ///         proof to fetch this value.
                bytes32 public constant UNSAFE_BLOCK_SIGNER_SLOT = keccak256("systemconfig.unsafeblocksigner");
                /// @notice Fixed L2 gas overhead. Used as part of the L2 fee calculation.
                uint256 public overhead;
                /// @notice Dynamic L2 gas overhead. Used as part of the L2 fee calculation.
                uint256 public scalar;
                /// @notice Identifier for the batcher.
                ///         For version 1 of this configuration, this is represented as an address left-padded
                ///         with zeros to 32 bytes.
                bytes32 public batcherHash;
                /// @notice L2 block gas limit.
                uint64 public gasLimit;
                /// @notice The configuration for the deposit fee market.
                ///         Used by the OptimismPortal to meter the cost of buying L2 gas on L1.
                ///         Set as internal with a getter so that the struct is returned instead of a tuple.
                ResourceMetering.ResourceConfig internal _resourceConfig;
                /// @notice Emitted when configuration is updated.
                /// @param version    SystemConfig version.
                /// @param updateType Type of update.
                /// @param data       Encoded update data.
                event ConfigUpdate(uint256 indexed version, UpdateType indexed updateType, bytes data);
                /// @custom:semver 1.3.1
                /// @notice Constructs the SystemConfig contract.
                /// @param _owner             Initial owner of the contract.
                /// @param _overhead          Initial overhead value.
                /// @param _scalar            Initial scalar value.
                /// @param _batcherHash       Initial batcher hash.
                /// @param _gasLimit          Initial gas limit.
                /// @param _unsafeBlockSigner Initial unsafe block signer address.
                /// @param _config            Initial resource config.
                constructor(
                    address _owner,
                    uint256 _overhead,
                    uint256 _scalar,
                    bytes32 _batcherHash,
                    uint64 _gasLimit,
                    address _unsafeBlockSigner,
                    ResourceMetering.ResourceConfig memory _config
                ) Semver(1, 3, 1) {
                    initialize({
                        _owner: _owner,
                        _overhead: _overhead,
                        _scalar: _scalar,
                        _batcherHash: _batcherHash,
                        _gasLimit: _gasLimit,
                        _unsafeBlockSigner: _unsafeBlockSigner,
                        _config: _config
                    });
                }
                /// @notice Initializer.
                ///         The resource config must be set before the require check.
                /// @param _owner             Initial owner of the contract.
                /// @param _overhead          Initial overhead value.
                /// @param _scalar            Initial scalar value.
                /// @param _batcherHash       Initial batcher hash.
                /// @param _gasLimit          Initial gas limit.
                /// @param _unsafeBlockSigner Initial unsafe block signer address.
                /// @param _config            Initial ResourceConfig.
                function initialize(
                    address _owner,
                    uint256 _overhead,
                    uint256 _scalar,
                    bytes32 _batcherHash,
                    uint64 _gasLimit,
                    address _unsafeBlockSigner,
                    ResourceMetering.ResourceConfig memory _config
                ) public initializer {
                    __Ownable_init();
                    transferOwnership(_owner);
                    overhead = _overhead;
                    scalar = _scalar;
                    batcherHash = _batcherHash;
                    gasLimit = _gasLimit;
                    _setUnsafeBlockSigner(_unsafeBlockSigner);
                    _setResourceConfig(_config);
                    require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low");
                }
                /// @notice Returns the minimum L2 gas limit that can be safely set for the system to
                ///         operate. The L2 gas limit must be larger than or equal to the amount of
                ///         gas that is allocated for deposits per block plus the amount of gas that
                ///         is allocated for the system transaction.
                ///         This function is used to determine if changes to parameters are safe.
                /// @return uint64 Minimum gas limit.
                function minimumGasLimit() public view returns (uint64) {
                    return uint64(_resourceConfig.maxResourceLimit) + uint64(_resourceConfig.systemTxMaxGas);
                }
                /// @notice High level getter for the unsafe block signer address.
                ///         Unsafe blocks can be propagated across the p2p network if they are signed by the
                ///         key corresponding to this address.
                /// @return Address of the unsafe block signer.
                // solhint-disable-next-line ordering
                function unsafeBlockSigner() external view returns (address) {
                    address addr;
                    bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT;
                    assembly {
                        addr := sload(slot)
                    }
                    return addr;
                }
                /// @notice Updates the unsafe block signer address.
                /// @param _unsafeBlockSigner New unsafe block signer address.
                function setUnsafeBlockSigner(address _unsafeBlockSigner) external onlyOwner {
                    _setUnsafeBlockSigner(_unsafeBlockSigner);
                    bytes memory data = abi.encode(_unsafeBlockSigner);
                    emit ConfigUpdate(VERSION, UpdateType.UNSAFE_BLOCK_SIGNER, data);
                }
                /// @notice Updates the batcher hash.
                /// @param _batcherHash New batcher hash.
                function setBatcherHash(bytes32 _batcherHash) external onlyOwner {
                    batcherHash = _batcherHash;
                    bytes memory data = abi.encode(_batcherHash);
                    emit ConfigUpdate(VERSION, UpdateType.BATCHER, data);
                }
                /// @notice Updates gas config.
                /// @param _overhead New overhead value.
                /// @param _scalar   New scalar value.
                function setGasConfig(uint256 _overhead, uint256 _scalar) external onlyOwner {
                    overhead = _overhead;
                    scalar = _scalar;
                    bytes memory data = abi.encode(_overhead, _scalar);
                    emit ConfigUpdate(VERSION, UpdateType.GAS_CONFIG, data);
                }
                /// @notice Updates the L2 gas limit.
                /// @param _gasLimit New gas limit.
                function setGasLimit(uint64 _gasLimit) external onlyOwner {
                    require(_gasLimit >= minimumGasLimit(), "SystemConfig: gas limit too low");
                    gasLimit = _gasLimit;
                    bytes memory data = abi.encode(_gasLimit);
                    emit ConfigUpdate(VERSION, UpdateType.GAS_LIMIT, data);
                }
                /// @notice Low level setter for the unsafe block signer address.
                ///         This function exists to deduplicate code around storing the unsafeBlockSigner
                ///         address in storage.
                /// @param _unsafeBlockSigner New unsafeBlockSigner value.
                function _setUnsafeBlockSigner(address _unsafeBlockSigner) internal {
                    bytes32 slot = UNSAFE_BLOCK_SIGNER_SLOT;
                    assembly {
                        sstore(slot, _unsafeBlockSigner)
                    }
                }
                /// @notice A getter for the resource config.
                ///         Ensures that the struct is returned instead of a tuple.
                /// @return ResourceConfig
                function resourceConfig() external view returns (ResourceMetering.ResourceConfig memory) {
                    return _resourceConfig;
                }
                /// @notice An external setter for the resource config.
                ///         In the future, this method may emit an event that the `op-node` picks up
                ///         for when the resource config is changed.
                /// @param _config The new resource config values.
                function setResourceConfig(ResourceMetering.ResourceConfig memory _config) external onlyOwner {
                    _setResourceConfig(_config);
                }
                /// @notice An internal setter for the resource config.
                ///         Ensures that the config is sane before storing it by checking for invariants.
                /// @param _config The new resource config.
                function _setResourceConfig(ResourceMetering.ResourceConfig memory _config) internal {
                    // Min base fee must be less than or equal to max base fee.
                    require(
                        _config.minimumBaseFee <= _config.maximumBaseFee,
                        "SystemConfig: min base fee must be less than max base"
                    );
                    // Base fee change denominator must be greater than 1.
                    require(
                        _config.baseFeeMaxChangeDenominator > 1,
                        "SystemConfig: denominator must be larger than 1"
                    );
                    // Max resource limit plus system tx gas must be less than or equal to the L2 gas limit.
                    // The gas limit must be increased before these values can be increased.
                    require(
                        _config.maxResourceLimit + _config.systemTxMaxGas <= gasLimit,
                        "SystemConfig: gas limit too low"
                    );
                    // Elasticity multiplier must be greater than 0.
                    require(
                        _config.elasticityMultiplier > 0,
                        "SystemConfig: elasticity multiplier cannot be 0"
                    );
                    // No precision loss when computing target resource limit.
                    require(
                        ((_config.maxResourceLimit / _config.elasticityMultiplier) *
                            _config.elasticityMultiplier) == _config.maxResourceLimit,
                        "SystemConfig: precision loss with target resource limit"
                    );
                    _resourceConfig = _config;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { ResourceMetering } from "../L1/ResourceMetering.sol";
            /// @title Constants
            /// @notice Constants is a library for storing constants. Simple! Don't put everything in here, just
            ///         the stuff used in multiple contracts. Constants that only apply to a single contract
            ///         should be defined in that contract instead.
            library Constants {
                /// @notice Special address to be used as the tx origin for gas estimation calls in the
                ///         OptimismPortal and CrossDomainMessenger calls. You only need to use this address if
                ///         the minimum gas limit specified by the user is not actually enough to execute the
                ///         given message and you're attempting to estimate the actual necessary gas limit. We
                ///         use address(1) because it's the ecrecover precompile and therefore guaranteed to
                ///         never have any code on any EVM chain.
                address internal constant ESTIMATION_ADDRESS = address(1);
                /// @notice Value used for the L2 sender storage slot in both the OptimismPortal and the
                ///         CrossDomainMessenger contracts before an actual sender is set. This value is
                ///         non-zero to reduce the gas cost of message passing transactions.
                address internal constant DEFAULT_L2_SENDER = 0x000000000000000000000000000000000000dEaD;
                /// @notice Returns the default values for the ResourceConfig. These are the recommended values
                ///         for a production network.
                function DEFAULT_RESOURCE_CONFIG()
                    internal
                    pure
                    returns (ResourceMetering.ResourceConfig memory)
                {
                    ResourceMetering.ResourceConfig memory config = ResourceMetering.ResourceConfig({
                        maxResourceLimit: 20_000_000,
                        elasticityMultiplier: 10,
                        baseFeeMaxChangeDenominator: 8,
                        minimumBaseFee: 1 gwei,
                        systemTxMaxGas: 1_000_000,
                        maximumBaseFee: type(uint128).max
                    });
                    return config;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /// @title Types
            /// @notice Contains various types used throughout the Optimism contract system.
            library Types {
                /// @notice OutputProposal represents a commitment to the L2 state. The timestamp is the L1
                ///         timestamp that the output root is posted. This timestamp is used to verify that the
                ///         finalization period has passed since the output root was submitted.
                /// @custom:field outputRoot    Hash of the L2 output.
                /// @custom:field timestamp     Timestamp of the L1 block that the output root was submitted in.
                /// @custom:field l2BlockNumber L2 block number that the output corresponds to.
                struct OutputProposal {
                    bytes32 outputRoot;
                    uint128 timestamp;
                    uint128 l2BlockNumber;
                }
                /// @notice Struct representing the elements that are hashed together to generate an output root
                ///         which itself represents a snapshot of the L2 state.
                /// @custom:field version                  Version of the output root.
                /// @custom:field stateRoot                Root of the state trie at the block of this output.
                /// @custom:field messagePasserStorageRoot Root of the message passer storage trie.
                /// @custom:field latestBlockhash          Hash of the block this output was generated from.
                struct OutputRootProof {
                    bytes32 version;
                    bytes32 stateRoot;
                    bytes32 messagePasserStorageRoot;
                    bytes32 latestBlockhash;
                }
                /// @notice Struct representing a deposit transaction (L1 => L2 transaction) created by an end
                ///         user (as opposed to a system deposit transaction generated by the system).
                /// @custom:field from        Address of the sender of the transaction.
                /// @custom:field to          Address of the recipient of the transaction.
                /// @custom:field isCreation  True if the transaction is a contract creation.
                /// @custom:field value       Value to send to the recipient.
                /// @custom:field mint        Amount of ETH to mint.
                /// @custom:field gasLimit    Gas limit of the transaction.
                /// @custom:field data        Data of the transaction.
                /// @custom:field l1BlockHash Hash of the block the transaction was submitted in.
                /// @custom:field logIndex    Index of the log in the block the transaction was submitted in.
                struct UserDepositTransaction {
                    address from;
                    address to;
                    bool isCreation;
                    uint256 value;
                    uint256 mint;
                    uint64 gasLimit;
                    bytes data;
                    bytes32 l1BlockHash;
                    uint256 logIndex;
                }
                /// @notice Struct representing a withdrawal transaction.
                /// @custom:field nonce    Nonce of the withdrawal transaction
                /// @custom:field sender   Address of the sender of the transaction.
                /// @custom:field target   Address of the recipient of the transaction.
                /// @custom:field value    Value to send to the recipient.
                /// @custom:field gasLimit Gas limit of the transaction.
                /// @custom:field data     Data of the transaction.
                struct WithdrawalTransaction {
                    uint256 nonce;
                    address sender;
                    address target;
                    uint256 value;
                    uint256 gasLimit;
                    bytes data;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Encoding } from "./Encoding.sol";
            /// @title Hashing
            /// @notice Hashing handles Optimism's various different hashing schemes.
            library Hashing {
                /// @notice Computes the hash of the RLP encoded L2 transaction that would be generated when a
                ///         given deposit is sent to the L2 system. Useful for searching for a deposit in the L2
                ///         system.
                /// @param _tx User deposit transaction to hash.
                /// @return Hash of the RLP encoded L2 deposit transaction.
                function hashDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return keccak256(Encoding.encodeDepositTransaction(_tx));
                }
                /// @notice Computes the deposit transaction's "source hash", a value that guarantees the hash
                ///         of the L2 transaction that corresponds to a deposit is unique and is
                ///         deterministically generated from L1 transaction data.
                /// @param _l1BlockHash Hash of the L1 block where the deposit was included.
                /// @param _logIndex    The index of the log that created the deposit transaction.
                /// @return Hash of the deposit transaction's "source hash".
                function hashDepositSource(bytes32 _l1BlockHash, uint256 _logIndex)
                    internal
                    pure
                    returns (bytes32)
                {
                    bytes32 depositId = keccak256(abi.encode(_l1BlockHash, _logIndex));
                    return keccak256(abi.encode(bytes32(0), depositId));
                }
                /// @notice Hashes the cross domain message based on the version that is encoded into the
                ///         message nonce.
                /// @param _nonce    Message nonce with version encoded into the first two bytes.
                /// @param _sender   Address of the sender of the message.
                /// @param _target   Address of the target of the message.
                /// @param _value    ETH value to send to the target.
                /// @param _gasLimit Gas limit to use for the message.
                /// @param _data     Data to send with the message.
                /// @return Hashed cross domain message.
                function hashCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    (, uint16 version) = Encoding.decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return hashCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return hashCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Hashing: unknown cross domain message version");
                    }
                }
                /// @notice Hashes a cross domain message based on the V0 (legacy) encoding.
                /// @param _target Address of the target of the message.
                /// @param _sender Address of the sender of the message.
                /// @param _data   Data to send with the message.
                /// @param _nonce  Message nonce.
                /// @return Hashed cross domain message.
                function hashCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes32) {
                    return keccak256(Encoding.encodeCrossDomainMessageV0(_target, _sender, _data, _nonce));
                }
                /// @notice Hashes a cross domain message based on the V1 (current) encoding.
                /// @param _nonce    Message nonce.
                /// @param _sender   Address of the sender of the message.
                /// @param _target   Address of the target of the message.
                /// @param _value    ETH value to send to the target.
                /// @param _gasLimit Gas limit to use for the message.
                /// @param _data     Data to send with the message.
                /// @return Hashed cross domain message.
                function hashCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes32) {
                    return
                        keccak256(
                            Encoding.encodeCrossDomainMessageV1(
                                _nonce,
                                _sender,
                                _target,
                                _value,
                                _gasLimit,
                                _data
                            )
                        );
                }
                /// @notice Derives the withdrawal hash according to the encoding in the L2 Withdrawer contract
                /// @param _tx Withdrawal transaction to hash.
                /// @return Hashed withdrawal transaction.
                function hashWithdrawal(Types.WithdrawalTransaction memory _tx)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(_tx.nonce, _tx.sender, _tx.target, _tx.value, _tx.gasLimit, _tx.data)
                        );
                }
                /// @notice Hashes the various elements of an output root proof into an output root hash which
                ///         can be used to check if the proof is valid.
                /// @param _outputRootProof Output root proof which should hash to an output root.
                /// @return Hashed output root proof.
                function hashOutputRootProof(Types.OutputRootProof memory _outputRootProof)
                    internal
                    pure
                    returns (bytes32)
                {
                    return
                        keccak256(
                            abi.encode(
                                _outputRootProof.version,
                                _outputRootProof.stateRoot,
                                _outputRootProof.messagePasserStorageRoot,
                                _outputRootProof.latestBlockhash
                            )
                        );
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /* Library Imports */
            import { MerkleTrie } from "./MerkleTrie.sol";
            /**
             * @title SecureMerkleTrie
             * @notice SecureMerkleTrie is a thin wrapper around the MerkleTrie library that hashes the input
             *         keys. Ethereum's state trie hashes input keys before storing them.
             */
            library SecureMerkleTrie {
                /**
                 * @notice Verifies a proof that a given key/value pair is present in the Merkle trie.
                 *
                 * @param _key   Key of the node to search for, as a hex string.
                 * @param _value Value of the node to search for, as a hex string.
                 * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle
                 *               trees, this proof is executed top-down and consists of a list of RLP-encoded
                 *               nodes that make a path down to the target node.
                 * @param _root  Known root of the Merkle trie. Used to verify that the included proof is
                 *               correctly constructed.
                 *
                 * @return Whether or not the proof is valid.
                 */
                function verifyInclusionProof(
                    bytes memory _key,
                    bytes memory _value,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bool) {
                    bytes memory key = _getSecureKey(_key);
                    return MerkleTrie.verifyInclusionProof(key, _value, _proof, _root);
                }
                /**
                 * @notice Retrieves the value associated with a given key.
                 *
                 * @param _key   Key to search for, as hex bytes.
                 * @param _proof Merkle trie inclusion proof for the key.
                 * @param _root  Known root of the Merkle trie.
                 *
                 * @return Value of the key if it exists.
                 */
                function get(
                    bytes memory _key,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bytes memory) {
                    bytes memory key = _getSecureKey(_key);
                    return MerkleTrie.get(key, _proof, _root);
                }
                /**
                 * @notice Computes the hashed version of the input key.
                 *
                 * @param _key Key to hash.
                 *
                 * @return Hashed version of the key.
                 */
                function _getSecureKey(bytes memory _key) private pure returns (bytes memory) {
                    return abi.encodePacked(keccak256(_key));
                }
            }
            // SPDX-License-Identifier: Apache-2.0
            /*
             * Copyright 2019-2021, Offchain Labs, Inc.
             *
             * Licensed under the Apache License, Version 2.0 (the "License");
             * you may not use this file except in compliance with the License.
             * You may obtain a copy of the License at
             *
             *    http://www.apache.org/licenses/LICENSE-2.0
             *
             * Unless required by applicable law or agreed to in writing, software
             * distributed under the License is distributed on an "AS IS" BASIS,
             * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
             * See the License for the specific language governing permissions and
             * limitations under the License.
             */
            pragma solidity ^0.8.0;
            library AddressAliasHelper {
                uint160 constant offset = uint160(0x1111000000000000000000000000000000001111);
                /// @notice Utility function that converts the address in the L1 that submitted a tx to
                /// the inbox to the msg.sender viewed in the L2
                /// @param l1Address the address in the L1 that triggered the tx to L2
                /// @return l2Address L2 address as viewed in msg.sender
                function applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {
                    unchecked {
                        l2Address = address(uint160(l1Address) + offset);
                    }
                }
                /// @notice Utility function that converts the msg.sender viewed in the L2 to the
                /// address in the L1 that submitted a tx to the inbox
                /// @param l2Address L2 address as viewed in msg.sender
                /// @return l1Address the address in the L1 that triggered the tx to L2
                function undoL1ToL2Alias(address l2Address) internal pure returns (address l1Address) {
                    unchecked {
                        l1Address = address(uint160(l2Address) - offset);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { Initializable } from "@openzeppelin/contracts/proxy/utils/Initializable.sol";
            import { Math } from "@openzeppelin/contracts/utils/math/Math.sol";
            import { Burn } from "../libraries/Burn.sol";
            import { Arithmetic } from "../libraries/Arithmetic.sol";
            /// @custom:upgradeable
            /// @title ResourceMetering
            /// @notice ResourceMetering implements an EIP-1559 style resource metering system where pricing
            ///         updates automatically based on current demand.
            abstract contract ResourceMetering is Initializable {
                /// @notice Represents the various parameters that control the way in which resources are
                ///         metered. Corresponds to the EIP-1559 resource metering system.
                /// @custom:field prevBaseFee   Base fee from the previous block(s).
                /// @custom:field prevBoughtGas Amount of gas bought so far in the current block.
                /// @custom:field prevBlockNum  Last block number that the base fee was updated.
                struct ResourceParams {
                    uint128 prevBaseFee;
                    uint64 prevBoughtGas;
                    uint64 prevBlockNum;
                }
                /// @notice Represents the configuration for the EIP-1559 based curve for the deposit gas
                ///         market. These values should be set with care as it is possible to set them in
                ///         a way that breaks the deposit gas market. The target resource limit is defined as
                ///         maxResourceLimit / elasticityMultiplier. This struct was designed to fit within a
                ///         single word. There is additional space for additions in the future.
                /// @custom:field maxResourceLimit             Represents the maximum amount of deposit gas that
                ///                                            can be purchased per block.
                /// @custom:field elasticityMultiplier         Determines the target resource limit along with
                ///                                            the resource limit.
                /// @custom:field baseFeeMaxChangeDenominator  Determines max change on fee per block.
                /// @custom:field minimumBaseFee               The min deposit base fee, it is clamped to this
                ///                                            value.
                /// @custom:field systemTxMaxGas               The amount of gas supplied to the system
                ///                                            transaction. This should be set to the same
                ///                                            number that the op-node sets as the gas limit
                ///                                            for the system transaction.
                /// @custom:field maximumBaseFee               The max deposit base fee, it is clamped to this
                ///                                            value.
                struct ResourceConfig {
                    uint32 maxResourceLimit;
                    uint8 elasticityMultiplier;
                    uint8 baseFeeMaxChangeDenominator;
                    uint32 minimumBaseFee;
                    uint32 systemTxMaxGas;
                    uint128 maximumBaseFee;
                }
                /// @notice EIP-1559 style gas parameters.
                ResourceParams public params;
                /// @notice Reserve extra slots (to a total of 50) in the storage layout for future upgrades.
                uint256[48] private __gap;
                /// @notice Meters access to a function based an amount of a requested resource.
                /// @param _amount Amount of the resource requested.
                modifier metered(uint64 _amount) {
                    // Record initial gas amount so we can refund for it later.
                    uint256 initialGas = gasleft();
                    // Run the underlying function.
                    _;
                    // Run the metering function.
                    _metered(_amount, initialGas);
                }
                /// @notice An internal function that holds all of the logic for metering a resource.
                /// @param _amount     Amount of the resource requested.
                /// @param _initialGas The amount of gas before any modifier execution.
                function _metered(uint64 _amount, uint256 _initialGas) internal {
                    // Update block number and base fee if necessary.
                    uint256 blockDiff = block.number - params.prevBlockNum;
                    ResourceConfig memory config = _resourceConfig();
                    int256 targetResourceLimit = int256(uint256(config.maxResourceLimit)) /
                        int256(uint256(config.elasticityMultiplier));
                    if (blockDiff > 0) {
                        // Handle updating EIP-1559 style gas parameters. We use EIP-1559 to restrict the rate
                        // at which deposits can be created and therefore limit the potential for deposits to
                        // spam the L2 system. Fee scheme is very similar to EIP-1559 with minor changes.
                        int256 gasUsedDelta = int256(uint256(params.prevBoughtGas)) - targetResourceLimit;
                        int256 baseFeeDelta = (int256(uint256(params.prevBaseFee)) * gasUsedDelta) /
                            (targetResourceLimit * int256(uint256(config.baseFeeMaxChangeDenominator)));
                        // Update base fee by adding the base fee delta and clamp the resulting value between
                        // min and max.
                        int256 newBaseFee = Arithmetic.clamp({
                            _value: int256(uint256(params.prevBaseFee)) + baseFeeDelta,
                            _min: int256(uint256(config.minimumBaseFee)),
                            _max: int256(uint256(config.maximumBaseFee))
                        });
                        // If we skipped more than one block, we also need to account for every empty block.
                        // Empty block means there was no demand for deposits in that block, so we should
                        // reflect this lack of demand in the fee.
                        if (blockDiff > 1) {
                            // Update the base fee by repeatedly applying the exponent 1-(1/change_denominator)
                            // blockDiff - 1 times. Simulates multiple empty blocks. Clamp the resulting value
                            // between min and max.
                            newBaseFee = Arithmetic.clamp({
                                _value: Arithmetic.cdexp({
                                    _coefficient: newBaseFee,
                                    _denominator: int256(uint256(config.baseFeeMaxChangeDenominator)),
                                    _exponent: int256(blockDiff - 1)
                                }),
                                _min: int256(uint256(config.minimumBaseFee)),
                                _max: int256(uint256(config.maximumBaseFee))
                            });
                        }
                        // Update new base fee, reset bought gas, and update block number.
                        params.prevBaseFee = uint128(uint256(newBaseFee));
                        params.prevBoughtGas = 0;
                        params.prevBlockNum = uint64(block.number);
                    }
                    // Make sure we can actually buy the resource amount requested by the user.
                    params.prevBoughtGas += _amount;
                    require(
                        int256(uint256(params.prevBoughtGas)) <= int256(uint256(config.maxResourceLimit)),
                        "ResourceMetering: cannot buy more gas than available gas limit"
                    );
                    // Determine the amount of ETH to be paid.
                    uint256 resourceCost = uint256(_amount) * uint256(params.prevBaseFee);
                    // We currently charge for this ETH amount as an L1 gas burn, so we convert the ETH amount
                    // into gas by dividing by the L1 base fee. We assume a minimum base fee of 1 gwei to avoid
                    // division by zero for L1s that don't support 1559 or to avoid excessive gas burns during
                    // periods of extremely low L1 demand. One-day average gas fee hasn't dipped below 1 gwei
                    // during any 1 day period in the last 5 years, so should be fine.
                    uint256 gasCost = resourceCost / Math.max(block.basefee, 1 gwei);
                    // Give the user a refund based on the amount of gas they used to do all of the work up to
                    // this point. Since we're at the end of the modifier, this should be pretty accurate. Acts
                    // effectively like a dynamic stipend (with a minimum value).
                    uint256 usedGas = _initialGas - gasleft();
                    if (gasCost > usedGas) {
                        Burn.gas(gasCost - usedGas);
                    }
                }
                /// @notice Virtual function that returns the resource config.
                ///         Contracts that inherit this contract must implement this function.
                /// @return ResourceConfig
                function _resourceConfig() internal virtual returns (ResourceConfig memory);
                /// @notice Sets initial resource parameter values.
                ///         This function must either be called by the initializer function of an upgradeable
                ///         child contract.
                // solhint-disable-next-line func-name-mixedcase
                function __ResourceMetering_init() internal onlyInitializing {
                    params = ResourceParams({
                        prevBaseFee: 1 gwei,
                        prevBoughtGas: 0,
                        prevBlockNum: uint64(block.number)
                    });
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
            /// @title Semver
            /// @notice Semver is a simple contract for managing contract versions.
            contract Semver {
                /// @notice Contract version number (major).
                uint256 private immutable MAJOR_VERSION;
                /// @notice Contract version number (minor).
                uint256 private immutable MINOR_VERSION;
                /// @notice Contract version number (patch).
                uint256 private immutable PATCH_VERSION;
                /// @param _major Version number (major).
                /// @param _minor Version number (minor).
                /// @param _patch Version number (patch).
                constructor(
                    uint256 _major,
                    uint256 _minor,
                    uint256 _patch
                ) {
                    MAJOR_VERSION = _major;
                    MINOR_VERSION = _minor;
                    PATCH_VERSION = _patch;
                }
                /// @notice Returns the full semver contract version.
                /// @return Semver contract version as a string.
                function version() public view returns (string memory) {
                    return
                        string(
                            abi.encodePacked(
                                Strings.toString(MAJOR_VERSION),
                                ".",
                                Strings.toString(MINOR_VERSION),
                                ".",
                                Strings.toString(PATCH_VERSION)
                            )
                        );
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library Address {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionDelegateCall(target, data, "Address: low-level delegate call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a delegate call.
                 *
                 * _Available since v3.4._
                 */
                function functionDelegateCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(isContract(target), "Address: delegate call to non-contract");
                    (bool success, bytes memory returndata) = target.delegatecall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
            pragma solidity ^0.8.0;
            import "../utils/ContextUpgradeable.sol";
            import "../proxy/utils/Initializable.sol";
            /**
             * @dev Contract module which provides a basic access control mechanism, where
             * there is an account (an owner) that can be granted exclusive access to
             * specific functions.
             *
             * By default, the owner account will be the one that deploys the contract. This
             * can later be changed with {transferOwnership}.
             *
             * This module is used through inheritance. It will make available the modifier
             * `onlyOwner`, which can be applied to your functions to restrict their use to
             * the owner.
             */
            abstract contract OwnableUpgradeable is Initializable, ContextUpgradeable {
                address private _owner;
                event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
                /**
                 * @dev Initializes the contract setting the deployer as the initial owner.
                 */
                function __Ownable_init() internal onlyInitializing {
                    __Ownable_init_unchained();
                }
                function __Ownable_init_unchained() internal onlyInitializing {
                    _transferOwnership(_msgSender());
                }
                /**
                 * @dev Throws if called by any account other than the owner.
                 */
                modifier onlyOwner() {
                    _checkOwner();
                    _;
                }
                /**
                 * @dev Returns the address of the current owner.
                 */
                function owner() public view virtual returns (address) {
                    return _owner;
                }
                /**
                 * @dev Throws if the sender is not the owner.
                 */
                function _checkOwner() internal view virtual {
                    require(owner() == _msgSender(), "Ownable: caller is not the owner");
                }
                /**
                 * @dev Leaves the contract without owner. It will not be possible to call
                 * `onlyOwner` functions anymore. Can only be called by the current owner.
                 *
                 * NOTE: Renouncing ownership will leave the contract without an owner,
                 * thereby removing any functionality that is only available to the owner.
                 */
                function renounceOwnership() public virtual onlyOwner {
                    _transferOwnership(address(0));
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Can only be called by the current owner.
                 */
                function transferOwnership(address newOwner) public virtual onlyOwner {
                    require(newOwner != address(0), "Ownable: new owner is the zero address");
                    _transferOwnership(newOwner);
                }
                /**
                 * @dev Transfers ownership of the contract to a new account (`newOwner`).
                 * Internal function without access restriction.
                 */
                function _transferOwnership(address newOwner) internal virtual {
                    address oldOwner = _owner;
                    _owner = newOwner;
                    emit OwnershipTransferred(oldOwner, newOwner);
                }
                /**
                 * @dev This empty reserved space is put in place to allow future versions to add new
                 * variables without shifting down storage in the inheritance chain.
                 * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
                 */
                uint256[49] private __gap;
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Types } from "./Types.sol";
            import { Hashing } from "./Hashing.sol";
            import { RLPWriter } from "./rlp/RLPWriter.sol";
            /// @title Encoding
            /// @notice Encoding handles Optimism's various different encoding schemes.
            library Encoding {
                /// @notice RLP encodes the L2 transaction that would be generated when a given deposit is sent
                ///         to the L2 system. Useful for searching for a deposit in the L2 system. The
                ///         transaction is prefixed with 0x7e to identify its EIP-2718 type.
                /// @param _tx User deposit transaction to encode.
                /// @return RLP encoded L2 deposit transaction.
                function encodeDepositTransaction(Types.UserDepositTransaction memory _tx)
                    internal
                    pure
                    returns (bytes memory)
                {
                    bytes32 source = Hashing.hashDepositSource(_tx.l1BlockHash, _tx.logIndex);
                    bytes[] memory raw = new bytes[](8);
                    raw[0] = RLPWriter.writeBytes(abi.encodePacked(source));
                    raw[1] = RLPWriter.writeAddress(_tx.from);
                    raw[2] = _tx.isCreation ? RLPWriter.writeBytes("") : RLPWriter.writeAddress(_tx.to);
                    raw[3] = RLPWriter.writeUint(_tx.mint);
                    raw[4] = RLPWriter.writeUint(_tx.value);
                    raw[5] = RLPWriter.writeUint(uint256(_tx.gasLimit));
                    raw[6] = RLPWriter.writeBool(false);
                    raw[7] = RLPWriter.writeBytes(_tx.data);
                    return abi.encodePacked(uint8(0x7e), RLPWriter.writeList(raw));
                }
                /// @notice Encodes the cross domain message based on the version that is encoded into the
                ///         message nonce.
                /// @param _nonce    Message nonce with version encoded into the first two bytes.
                /// @param _sender   Address of the sender of the message.
                /// @param _target   Address of the target of the message.
                /// @param _value    ETH value to send to the target.
                /// @param _gasLimit Gas limit to use for the message.
                /// @param _data     Data to send with the message.
                /// @return Encoded cross domain message.
                function encodeCrossDomainMessage(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    (, uint16 version) = decodeVersionedNonce(_nonce);
                    if (version == 0) {
                        return encodeCrossDomainMessageV0(_target, _sender, _data, _nonce);
                    } else if (version == 1) {
                        return encodeCrossDomainMessageV1(_nonce, _sender, _target, _value, _gasLimit, _data);
                    } else {
                        revert("Encoding: unknown cross domain message version");
                    }
                }
                /// @notice Encodes a cross domain message based on the V0 (legacy) encoding.
                /// @param _target Address of the target of the message.
                /// @param _sender Address of the sender of the message.
                /// @param _data   Data to send with the message.
                /// @param _nonce  Message nonce.
                /// @return Encoded cross domain message.
                function encodeCrossDomainMessageV0(
                    address _target,
                    address _sender,
                    bytes memory _data,
                    uint256 _nonce
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(address,address,bytes,uint256)",
                            _target,
                            _sender,
                            _data,
                            _nonce
                        );
                }
                /// @notice Encodes a cross domain message based on the V1 (current) encoding.
                /// @param _nonce    Message nonce.
                /// @param _sender   Address of the sender of the message.
                /// @param _target   Address of the target of the message.
                /// @param _value    ETH value to send to the target.
                /// @param _gasLimit Gas limit to use for the message.
                /// @param _data     Data to send with the message.
                /// @return Encoded cross domain message.
                function encodeCrossDomainMessageV1(
                    uint256 _nonce,
                    address _sender,
                    address _target,
                    uint256 _value,
                    uint256 _gasLimit,
                    bytes memory _data
                ) internal pure returns (bytes memory) {
                    return
                        abi.encodeWithSignature(
                            "relayMessage(uint256,address,address,uint256,uint256,bytes)",
                            _nonce,
                            _sender,
                            _target,
                            _value,
                            _gasLimit,
                            _data
                        );
                }
                /// @notice Adds a version number into the first two bytes of a message nonce.
                /// @param _nonce   Message nonce to encode into.
                /// @param _version Version number to encode into the message nonce.
                /// @return Message nonce with version encoded into the first two bytes.
                function encodeVersionedNonce(uint240 _nonce, uint16 _version) internal pure returns (uint256) {
                    uint256 nonce;
                    assembly {
                        nonce := or(shl(240, _version), _nonce)
                    }
                    return nonce;
                }
                /// @notice Pulls the version out of a version-encoded nonce.
                /// @param _nonce Message nonce with version encoded into the first two bytes.
                /// @return Nonce without encoded version.
                /// @return Version of the message.
                function decodeVersionedNonce(uint256 _nonce) internal pure returns (uint240, uint16) {
                    uint240 nonce;
                    uint16 version;
                    assembly {
                        nonce := and(_nonce, 0x0000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)
                        version := shr(240, _nonce)
                    }
                    return (nonce, version);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            import { Bytes } from "../Bytes.sol";
            import { RLPReader } from "../rlp/RLPReader.sol";
            /**
             * @title MerkleTrie
             * @notice MerkleTrie is a small library for verifying standard Ethereum Merkle-Patricia trie
             *         inclusion proofs. By default, this library assumes a hexary trie. One can change the
             *         trie radix constant to support other trie radixes.
             */
            library MerkleTrie {
                /**
                 * @notice Struct representing a node in the trie.
                 *
                 * @custom:field encoded The RLP-encoded node.
                 * @custom:field decoded The RLP-decoded node.
                 */
                struct TrieNode {
                    bytes encoded;
                    RLPReader.RLPItem[] decoded;
                }
                /**
                 * @notice Determines the number of elements per branch node.
                 */
                uint256 internal constant TREE_RADIX = 16;
                /**
                 * @notice Branch nodes have TREE_RADIX elements and one value element.
                 */
                uint256 internal constant BRANCH_NODE_LENGTH = TREE_RADIX + 1;
                /**
                 * @notice Leaf nodes and extension nodes have two elements, a `path` and a `value`.
                 */
                uint256 internal constant LEAF_OR_EXTENSION_NODE_LENGTH = 2;
                /**
                 * @notice Prefix for even-nibbled extension node paths.
                 */
                uint8 internal constant PREFIX_EXTENSION_EVEN = 0;
                /**
                 * @notice Prefix for odd-nibbled extension node paths.
                 */
                uint8 internal constant PREFIX_EXTENSION_ODD = 1;
                /**
                 * @notice Prefix for even-nibbled leaf node paths.
                 */
                uint8 internal constant PREFIX_LEAF_EVEN = 2;
                /**
                 * @notice Prefix for odd-nibbled leaf node paths.
                 */
                uint8 internal constant PREFIX_LEAF_ODD = 3;
                /**
                 * @notice Verifies a proof that a given key/value pair is present in the trie.
                 *
                 * @param _key   Key of the node to search for, as a hex string.
                 * @param _value Value of the node to search for, as a hex string.
                 * @param _proof Merkle trie inclusion proof for the desired node. Unlike traditional Merkle
                 *               trees, this proof is executed top-down and consists of a list of RLP-encoded
                 *               nodes that make a path down to the target node.
                 * @param _root  Known root of the Merkle trie. Used to verify that the included proof is
                 *               correctly constructed.
                 *
                 * @return Whether or not the proof is valid.
                 */
                function verifyInclusionProof(
                    bytes memory _key,
                    bytes memory _value,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bool) {
                    return Bytes.equal(_value, get(_key, _proof, _root));
                }
                /**
                 * @notice Retrieves the value associated with a given key.
                 *
                 * @param _key   Key to search for, as hex bytes.
                 * @param _proof Merkle trie inclusion proof for the key.
                 * @param _root  Known root of the Merkle trie.
                 *
                 * @return Value of the key if it exists.
                 */
                function get(
                    bytes memory _key,
                    bytes[] memory _proof,
                    bytes32 _root
                ) internal pure returns (bytes memory) {
                    require(_key.length > 0, "MerkleTrie: empty key");
                    TrieNode[] memory proof = _parseProof(_proof);
                    bytes memory key = Bytes.toNibbles(_key);
                    bytes memory currentNodeID = abi.encodePacked(_root);
                    uint256 currentKeyIndex = 0;
                    // Proof is top-down, so we start at the first element (root).
                    for (uint256 i = 0; i < proof.length; i++) {
                        TrieNode memory currentNode = proof[i];
                        // Key index should never exceed total key length or we'll be out of bounds.
                        require(
                            currentKeyIndex <= key.length,
                            "MerkleTrie: key index exceeds total key length"
                        );
                        if (currentKeyIndex == 0) {
                            // First proof element is always the root node.
                            require(
                                Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID),
                                "MerkleTrie: invalid root hash"
                            );
                        } else if (currentNode.encoded.length >= 32) {
                            // Nodes 32 bytes or larger are hashed inside branch nodes.
                            require(
                                Bytes.equal(abi.encodePacked(keccak256(currentNode.encoded)), currentNodeID),
                                "MerkleTrie: invalid large internal hash"
                            );
                        } else {
                            // Nodes smaller than 32 bytes aren't hashed.
                            require(
                                Bytes.equal(currentNode.encoded, currentNodeID),
                                "MerkleTrie: invalid internal node hash"
                            );
                        }
                        if (currentNode.decoded.length == BRANCH_NODE_LENGTH) {
                            if (currentKeyIndex == key.length) {
                                // Value is the last element of the decoded list (for branch nodes). There's
                                // some ambiguity in the Merkle trie specification because bytes(0) is a
                                // valid value to place into the trie, but for branch nodes bytes(0) can exist
                                // even when the value wasn't explicitly placed there. Geth treats a value of
                                // bytes(0) as "key does not exist" and so we do the same.
                                bytes memory value = RLPReader.readBytes(currentNode.decoded[TREE_RADIX]);
                                require(
                                    value.length > 0,
                                    "MerkleTrie: value length must be greater than zero (branch)"
                                );
                                // Extra proof elements are not allowed.
                                require(
                                    i == proof.length - 1,
                                    "MerkleTrie: value node must be last node in proof (branch)"
                                );
                                return value;
                            } else {
                                // We're not at the end of the key yet.
                                // Figure out what the next node ID should be and continue.
                                uint8 branchKey = uint8(key[currentKeyIndex]);
                                RLPReader.RLPItem memory nextNode = currentNode.decoded[branchKey];
                                currentNodeID = _getNodeID(nextNode);
                                currentKeyIndex += 1;
                            }
                        } else if (currentNode.decoded.length == LEAF_OR_EXTENSION_NODE_LENGTH) {
                            bytes memory path = _getNodePath(currentNode);
                            uint8 prefix = uint8(path[0]);
                            uint8 offset = 2 - (prefix % 2);
                            bytes memory pathRemainder = Bytes.slice(path, offset);
                            bytes memory keyRemainder = Bytes.slice(key, currentKeyIndex);
                            uint256 sharedNibbleLength = _getSharedNibbleLength(pathRemainder, keyRemainder);
                            // Whether this is a leaf node or an extension node, the path remainder MUST be a
                            // prefix of the key remainder (or be equal to the key remainder) or the proof is
                            // considered invalid.
                            require(
                                pathRemainder.length == sharedNibbleLength,
                                "MerkleTrie: path remainder must share all nibbles with key"
                            );
                            if (prefix == PREFIX_LEAF_EVEN || prefix == PREFIX_LEAF_ODD) {
                                // Prefix of 2 or 3 means this is a leaf node. For the leaf node to be valid,
                                // the key remainder must be exactly equal to the path remainder. We already
                                // did the necessary byte comparison, so it's more efficient here to check that
                                // the key remainder length equals the shared nibble length, which implies
                                // equality with the path remainder (since we already did the same check with
                                // the path remainder and the shared nibble length).
                                require(
                                    keyRemainder.length == sharedNibbleLength,
                                    "MerkleTrie: key remainder must be identical to path remainder"
                                );
                                // Our Merkle Trie is designed specifically for the purposes of the Ethereum
                                // state trie. Empty values are not allowed in the state trie, so we can safely
                                // say that if the value is empty, the key should not exist and the proof is
                                // invalid.
                                bytes memory value = RLPReader.readBytes(currentNode.decoded[1]);
                                require(
                                    value.length > 0,
                                    "MerkleTrie: value length must be greater than zero (leaf)"
                                );
                                // Extra proof elements are not allowed.
                                require(
                                    i == proof.length - 1,
                                    "MerkleTrie: value node must be last node in proof (leaf)"
                                );
                                return value;
                            } else if (prefix == PREFIX_EXTENSION_EVEN || prefix == PREFIX_EXTENSION_ODD) {
                                // Prefix of 0 or 1 means this is an extension node. We move onto the next node
                                // in the proof and increment the key index by the length of the path remainder
                                // which is equal to the shared nibble length.
                                currentNodeID = _getNodeID(currentNode.decoded[1]);
                                currentKeyIndex += sharedNibbleLength;
                            } else {
                                revert("MerkleTrie: received a node with an unknown prefix");
                            }
                        } else {
                            revert("MerkleTrie: received an unparseable node");
                        }
                    }
                    revert("MerkleTrie: ran out of proof elements");
                }
                /**
                 * @notice Parses an array of proof elements into a new array that contains both the original
                 *         encoded element and the RLP-decoded element.
                 *
                 * @param _proof Array of proof elements to parse.
                 *
                 * @return Proof parsed into easily accessible structs.
                 */
                function _parseProof(bytes[] memory _proof) private pure returns (TrieNode[] memory) {
                    uint256 length = _proof.length;
                    TrieNode[] memory proof = new TrieNode[](length);
                    for (uint256 i = 0; i < length; ) {
                        proof[i] = TrieNode({ encoded: _proof[i], decoded: RLPReader.readList(_proof[i]) });
                        unchecked {
                            ++i;
                        }
                    }
                    return proof;
                }
                /**
                 * @notice Picks out the ID for a node. Node ID is referred to as the "hash" within the
                 *         specification, but nodes < 32 bytes are not actually hashed.
                 *
                 * @param _node Node to pull an ID for.
                 *
                 * @return ID for the node, depending on the size of its contents.
                 */
                function _getNodeID(RLPReader.RLPItem memory _node) private pure returns (bytes memory) {
                    return _node.length < 32 ? RLPReader.readRawBytes(_node) : RLPReader.readBytes(_node);
                }
                /**
                 * @notice Gets the path for a leaf or extension node.
                 *
                 * @param _node Node to get a path for.
                 *
                 * @return Node path, converted to an array of nibbles.
                 */
                function _getNodePath(TrieNode memory _node) private pure returns (bytes memory) {
                    return Bytes.toNibbles(RLPReader.readBytes(_node.decoded[0]));
                }
                /**
                 * @notice Utility; determines the number of nibbles shared between two nibble arrays.
                 *
                 * @param _a First nibble array.
                 * @param _b Second nibble array.
                 *
                 * @return Number of shared nibbles.
                 */
                function _getSharedNibbleLength(bytes memory _a, bytes memory _b)
                    private
                    pure
                    returns (uint256)
                {
                    uint256 shared;
                    uint256 max = (_a.length < _b.length) ? _a.length : _b.length;
                    for (; shared < max && _a[shared] == _b[shared]; ) {
                        unchecked {
                            ++shared;
                        }
                    }
                    return shared;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/math/Math.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard math utilities missing in the Solidity language.
             */
            library Math {
                enum Rounding {
                    Down, // Toward negative infinity
                    Up, // Toward infinity
                    Zero // Toward zero
                }
                /**
                 * @dev Returns the largest of two numbers.
                 */
                function max(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two numbers.
                 */
                function min(uint256 a, uint256 b) internal pure returns (uint256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two numbers. The result is rounded towards
                 * zero.
                 */
                function average(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b) / 2 can overflow.
                    return (a & b) + (a ^ b) / 2;
                }
                /**
                 * @dev Returns the ceiling of the division of two numbers.
                 *
                 * This differs from standard division with `/` in that it rounds up instead
                 * of rounding down.
                 */
                function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
                    // (a + b - 1) / b can overflow on addition, so we distribute.
                    return a == 0 ? 0 : (a - 1) / b + 1;
                }
                /**
                 * @notice Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or denominator == 0
                 * @dev Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv)
                 * with further edits by Uniswap Labs also under MIT license.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 result) {
                    unchecked {
                        // 512-bit multiply [prod1 prod0] = x * y. Compute the product mod 2^256 and mod 2^256 - 1, then use
                        // use the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
                        // variables such that product = prod1 * 2^256 + prod0.
                        uint256 prod0; // Least significant 256 bits of the product
                        uint256 prod1; // Most significant 256 bits of the product
                        assembly {
                            let mm := mulmod(x, y, not(0))
                            prod0 := mul(x, y)
                            prod1 := sub(sub(mm, prod0), lt(mm, prod0))
                        }
                        // Handle non-overflow cases, 256 by 256 division.
                        if (prod1 == 0) {
                            return prod0 / denominator;
                        }
                        // Make sure the result is less than 2^256. Also prevents denominator == 0.
                        require(denominator > prod1);
                        ///////////////////////////////////////////////
                        // 512 by 256 division.
                        ///////////////////////////////////////////////
                        // Make division exact by subtracting the remainder from [prod1 prod0].
                        uint256 remainder;
                        assembly {
                            // Compute remainder using mulmod.
                            remainder := mulmod(x, y, denominator)
                            // Subtract 256 bit number from 512 bit number.
                            prod1 := sub(prod1, gt(remainder, prod0))
                            prod0 := sub(prod0, remainder)
                        }
                        // Factor powers of two out of denominator and compute largest power of two divisor of denominator. Always >= 1.
                        // See https://cs.stackexchange.com/q/138556/92363.
                        // Does not overflow because the denominator cannot be zero at this stage in the function.
                        uint256 twos = denominator & (~denominator + 1);
                        assembly {
                            // Divide denominator by twos.
                            denominator := div(denominator, twos)
                            // Divide [prod1 prod0] by twos.
                            prod0 := div(prod0, twos)
                            // Flip twos such that it is 2^256 / twos. If twos is zero, then it becomes one.
                            twos := add(div(sub(0, twos), twos), 1)
                        }
                        // Shift in bits from prod1 into prod0.
                        prod0 |= prod1 * twos;
                        // Invert denominator mod 2^256. Now that denominator is an odd number, it has an inverse modulo 2^256 such
                        // that denominator * inv = 1 mod 2^256. Compute the inverse by starting with a seed that is correct for
                        // four bits. That is, denominator * inv = 1 mod 2^4.
                        uint256 inverse = (3 * denominator) ^ 2;
                        // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also works
                        // in modular arithmetic, doubling the correct bits in each step.
                        inverse *= 2 - denominator * inverse; // inverse mod 2^8
                        inverse *= 2 - denominator * inverse; // inverse mod 2^16
                        inverse *= 2 - denominator * inverse; // inverse mod 2^32
                        inverse *= 2 - denominator * inverse; // inverse mod 2^64
                        inverse *= 2 - denominator * inverse; // inverse mod 2^128
                        inverse *= 2 - denominator * inverse; // inverse mod 2^256
                        // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
                        // This will give us the correct result modulo 2^256. Since the preconditions guarantee that the outcome is
                        // less than 2^256, this is the final result. We don't need to compute the high bits of the result and prod1
                        // is no longer required.
                        result = prod0 * inverse;
                        return result;
                    }
                }
                /**
                 * @notice Calculates x * y / denominator with full precision, following the selected rounding direction.
                 */
                function mulDiv(
                    uint256 x,
                    uint256 y,
                    uint256 denominator,
                    Rounding rounding
                ) internal pure returns (uint256) {
                    uint256 result = mulDiv(x, y, denominator);
                    if (rounding == Rounding.Up && mulmod(x, y, denominator) > 0) {
                        result += 1;
                    }
                    return result;
                }
                /**
                 * @dev Returns the square root of a number. It the number is not a perfect square, the value is rounded down.
                 *
                 * Inspired by Henry S. Warren, Jr.'s "Hacker's Delight" (Chapter 11).
                 */
                function sqrt(uint256 a) internal pure returns (uint256) {
                    if (a == 0) {
                        return 0;
                    }
                    // For our first guess, we get the biggest power of 2 which is smaller than the square root of the target.
                    // We know that the "msb" (most significant bit) of our target number `a` is a power of 2 such that we have
                    // `msb(a) <= a < 2*msb(a)`.
                    // We also know that `k`, the position of the most significant bit, is such that `msb(a) = 2**k`.
                    // This gives `2**k < a <= 2**(k+1)` → `2**(k/2) <= sqrt(a) < 2 ** (k/2+1)`.
                    // Using an algorithm similar to the msb conmputation, we are able to compute `result = 2**(k/2)` which is a
                    // good first aproximation of `sqrt(a)` with at least 1 correct bit.
                    uint256 result = 1;
                    uint256 x = a;
                    if (x >> 128 > 0) {
                        x >>= 128;
                        result <<= 64;
                    }
                    if (x >> 64 > 0) {
                        x >>= 64;
                        result <<= 32;
                    }
                    if (x >> 32 > 0) {
                        x >>= 32;
                        result <<= 16;
                    }
                    if (x >> 16 > 0) {
                        x >>= 16;
                        result <<= 8;
                    }
                    if (x >> 8 > 0) {
                        x >>= 8;
                        result <<= 4;
                    }
                    if (x >> 4 > 0) {
                        x >>= 4;
                        result <<= 2;
                    }
                    if (x >> 2 > 0) {
                        result <<= 1;
                    }
                    // At this point `result` is an estimation with one bit of precision. We know the true value is a uint128,
                    // since it is the square root of a uint256. Newton's method converges quadratically (precision doubles at
                    // every iteration). We thus need at most 7 iteration to turn our partial result with one bit of precision
                    // into the expected uint128 result.
                    unchecked {
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        result = (result + a / result) >> 1;
                        return min(result, a / result);
                    }
                }
                /**
                 * @notice Calculates sqrt(a), following the selected rounding direction.
                 */
                function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
                    uint256 result = sqrt(a);
                    if (rounding == Rounding.Up && result * result < a) {
                        result += 1;
                    }
                    return result;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            /// @title Burn
            /// @notice Utilities for burning stuff.
            library Burn {
                /// @notice Burns a given amount of ETH.
                /// @param _amount Amount of ETH to burn.
                function eth(uint256 _amount) internal {
                    new Burner{ value: _amount }();
                }
                /// @notice Burns a given amount of gas.
                /// @param _amount Amount of gas to burn.
                function gas(uint256 _amount) internal view {
                    uint256 i = 0;
                    uint256 initialGas = gasleft();
                    while (initialGas - gasleft() < _amount) {
                        ++i;
                    }
                }
            }
            /// @title Burner
            /// @notice Burner self-destructs on creation and sends all ETH to itself, removing all ETH given to
            ///         the contract from the circulating supply. Self-destructing is the only way to remove ETH
            ///         from the circulating supply.
            contract Burner {
                constructor() payable {
                    selfdestruct(payable(address(this)));
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity 0.8.15;
            import { SignedMath } from "@openzeppelin/contracts/utils/math/SignedMath.sol";
            import { FixedPointMathLib } from "@rari-capital/solmate/src/utils/FixedPointMathLib.sol";
            /// @title Arithmetic
            /// @notice Even more math than before.
            library Arithmetic {
                /// @notice Clamps a value between a minimum and maximum.
                /// @param _value The value to clamp.
                /// @param _min   The minimum value.
                /// @param _max   The maximum value.
                /// @return The clamped value.
                function clamp(
                    int256 _value,
                    int256 _min,
                    int256 _max
                ) internal pure returns (int256) {
                    return SignedMath.min(SignedMath.max(_value, _min), _max);
                }
                /// @notice (c)oefficient (d)enominator (exp)onentiation function.
                ///         Returns the result of: c * (1 - 1/d)^exp.
                /// @param _coefficient Coefficient of the function.
                /// @param _denominator Fractional denominator.
                /// @param _exponent    Power function exponent.
                /// @return Result of c * (1 - 1/d)^exp.
                function cdexp(
                    int256 _coefficient,
                    int256 _denominator,
                    int256 _exponent
                ) internal pure returns (int256) {
                    return
                        (_coefficient *
                            (FixedPointMathLib.powWad(1e18 - (1e18 / _denominator), _exponent * 1e18))) / 1e18;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev String operations.
             */
            library Strings {
                bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";
                uint8 private constant _ADDRESS_LENGTH = 20;
                /**
                 * @dev Converts a `uint256` to its ASCII `string` decimal representation.
                 */
                function toString(uint256 value) internal pure returns (string memory) {
                    // Inspired by OraclizeAPI's implementation - MIT licence
                    // https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
                    if (value == 0) {
                        return "0";
                    }
                    uint256 temp = value;
                    uint256 digits;
                    while (temp != 0) {
                        digits++;
                        temp /= 10;
                    }
                    bytes memory buffer = new bytes(digits);
                    while (value != 0) {
                        digits -= 1;
                        buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
                        value /= 10;
                    }
                    return string(buffer);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
                 */
                function toHexString(uint256 value) internal pure returns (string memory) {
                    if (value == 0) {
                        return "0x00";
                    }
                    uint256 temp = value;
                    uint256 length = 0;
                    while (temp != 0) {
                        length++;
                        temp >>= 8;
                    }
                    return toHexString(value, length);
                }
                /**
                 * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
                 */
                function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
                    bytes memory buffer = new bytes(2 * length + 2);
                    buffer[0] = "0";
                    buffer[1] = "x";
                    for (uint256 i = 2 * length + 1; i > 1; --i) {
                        buffer[i] = _HEX_SYMBOLS[value & 0xf];
                        value >>= 4;
                    }
                    require(value == 0, "Strings: hex length insufficient");
                    return string(buffer);
                }
                /**
                 * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
                 */
                function toHexString(address addr) internal pure returns (string memory) {
                    return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
            pragma solidity ^0.8.0;
            import "../proxy/utils/Initializable.sol";
            /**
             * @dev Provides information about the current execution context, including the
             * sender of the transaction and its data. While these are generally available
             * via msg.sender and msg.data, they should not be accessed in such a direct
             * manner, since when dealing with meta-transactions the account sending and
             * paying for execution may not be the actual sender (as far as an application
             * is concerned).
             *
             * This contract is only required for intermediate, library-like contracts.
             */
            abstract contract ContextUpgradeable is Initializable {
                function __Context_init() internal onlyInitializing {
                }
                function __Context_init_unchained() internal onlyInitializing {
                }
                function _msgSender() internal view virtual returns (address) {
                    return msg.sender;
                }
                function _msgData() internal view virtual returns (bytes calldata) {
                    return msg.data;
                }
                /**
                 * @dev This empty reserved space is put in place to allow future versions to add new
                 * variables without shifting down storage in the inheritance chain.
                 * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
                 */
                uint256[50] private __gap;
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
            pragma solidity ^0.8.2;
            import "../../utils/AddressUpgradeable.sol";
            /**
             * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
             * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
             * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
             * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
             *
             * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
             * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
             * case an upgrade adds a module that needs to be initialized.
             *
             * For example:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * contract MyToken is ERC20Upgradeable {
             *     function initialize() initializer public {
             *         __ERC20_init("MyToken", "MTK");
             *     }
             * }
             * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
             *     function initializeV2() reinitializer(2) public {
             *         __ERC20Permit_init("MyToken");
             *     }
             * }
             * ```
             *
             * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
             * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
             *
             * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
             * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
             *
             * [CAUTION]
             * ====
             * Avoid leaving a contract uninitialized.
             *
             * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
             * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
             * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
             *
             * [.hljs-theme-light.nopadding]
             * ```
             * /// @custom:oz-upgrades-unsafe-allow constructor
             * constructor() {
             *     _disableInitializers();
             * }
             * ```
             * ====
             */
            abstract contract Initializable {
                /**
                 * @dev Indicates that the contract has been initialized.
                 * @custom:oz-retyped-from bool
                 */
                uint8 private _initialized;
                /**
                 * @dev Indicates that the contract is in the process of being initialized.
                 */
                bool private _initializing;
                /**
                 * @dev Triggered when the contract has been initialized or reinitialized.
                 */
                event Initialized(uint8 version);
                /**
                 * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
                 * `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
                 */
                modifier initializer() {
                    bool isTopLevelCall = !_initializing;
                    require(
                        (isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
                        "Initializable: contract is already initialized"
                    );
                    _initialized = 1;
                    if (isTopLevelCall) {
                        _initializing = true;
                    }
                    _;
                    if (isTopLevelCall) {
                        _initializing = false;
                        emit Initialized(1);
                    }
                }
                /**
                 * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
                 * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
                 * used to initialize parent contracts.
                 *
                 * `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
                 * initialization step. This is essential to configure modules that are added through upgrades and that require
                 * initialization.
                 *
                 * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
                 * a contract, executing them in the right order is up to the developer or operator.
                 */
                modifier reinitializer(uint8 version) {
                    require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
                    _initialized = version;
                    _initializing = true;
                    _;
                    _initializing = false;
                    emit Initialized(version);
                }
                /**
                 * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
                 * {initializer} and {reinitializer} modifiers, directly or indirectly.
                 */
                modifier onlyInitializing() {
                    require(_initializing, "Initializable: contract is not initializing");
                    _;
                }
                /**
                 * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
                 * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
                 * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
                 * through proxies.
                 */
                function _disableInitializers() internal virtual {
                    require(!_initializing, "Initializable: contract is initializing");
                    if (_initialized < type(uint8).max) {
                        _initialized = type(uint8).max;
                        emit Initialized(type(uint8).max);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /**
             * @custom:attribution https://github.com/bakaoh/solidity-rlp-encode
             * @title RLPWriter
             * @author RLPWriter is a library for encoding Solidity types to RLP bytes. Adapted from Bakaoh's
             *         RLPEncode library (https://github.com/bakaoh/solidity-rlp-encode) with minor
             *         modifications to improve legibility.
             */
            library RLPWriter {
                /**
                 * @notice RLP encodes a byte string.
                 *
                 * @param _in The byte string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeBytes(bytes memory _in) internal pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_in.length == 1 && uint8(_in[0]) < 128) {
                        encoded = _in;
                    } else {
                        encoded = abi.encodePacked(_writeLength(_in.length, 128), _in);
                    }
                    return encoded;
                }
                /**
                 * @notice RLP encodes a list of RLP encoded byte byte strings.
                 *
                 * @param _in The list of RLP encoded byte strings.
                 *
                 * @return The RLP encoded list of items in bytes.
                 */
                function writeList(bytes[] memory _in) internal pure returns (bytes memory) {
                    bytes memory list = _flatten(_in);
                    return abi.encodePacked(_writeLength(list.length, 192), list);
                }
                /**
                 * @notice RLP encodes a string.
                 *
                 * @param _in The string to encode.
                 *
                 * @return The RLP encoded string in bytes.
                 */
                function writeString(string memory _in) internal pure returns (bytes memory) {
                    return writeBytes(bytes(_in));
                }
                /**
                 * @notice RLP encodes an address.
                 *
                 * @param _in The address to encode.
                 *
                 * @return The RLP encoded address in bytes.
                 */
                function writeAddress(address _in) internal pure returns (bytes memory) {
                    return writeBytes(abi.encodePacked(_in));
                }
                /**
                 * @notice RLP encodes a uint.
                 *
                 * @param _in The uint256 to encode.
                 *
                 * @return The RLP encoded uint256 in bytes.
                 */
                function writeUint(uint256 _in) internal pure returns (bytes memory) {
                    return writeBytes(_toBinary(_in));
                }
                /**
                 * @notice RLP encodes a bool.
                 *
                 * @param _in The bool to encode.
                 *
                 * @return The RLP encoded bool in bytes.
                 */
                function writeBool(bool _in) internal pure returns (bytes memory) {
                    bytes memory encoded = new bytes(1);
                    encoded[0] = (_in ? bytes1(0x01) : bytes1(0x80));
                    return encoded;
                }
                /**
                 * @notice Encode the first byte and then the `len` in binary form if `length` is more than 55.
                 *
                 * @param _len    The length of the string or the payload.
                 * @param _offset 128 if item is string, 192 if item is list.
                 *
                 * @return RLP encoded bytes.
                 */
                function _writeLength(uint256 _len, uint256 _offset) private pure returns (bytes memory) {
                    bytes memory encoded;
                    if (_len < 56) {
                        encoded = new bytes(1);
                        encoded[0] = bytes1(uint8(_len) + uint8(_offset));
                    } else {
                        uint256 lenLen;
                        uint256 i = 1;
                        while (_len / i != 0) {
                            lenLen++;
                            i *= 256;
                        }
                        encoded = new bytes(lenLen + 1);
                        encoded[0] = bytes1(uint8(lenLen) + uint8(_offset) + 55);
                        for (i = 1; i <= lenLen; i++) {
                            encoded[i] = bytes1(uint8((_len / (256**(lenLen - i))) % 256));
                        }
                    }
                    return encoded;
                }
                /**
                 * @notice Encode integer in big endian binary form with no leading zeroes.
                 *
                 * @param _x The integer to encode.
                 *
                 * @return RLP encoded bytes.
                 */
                function _toBinary(uint256 _x) private pure returns (bytes memory) {
                    bytes memory b = abi.encodePacked(_x);
                    uint256 i = 0;
                    for (; i < 32; i++) {
                        if (b[i] != 0) {
                            break;
                        }
                    }
                    bytes memory res = new bytes(32 - i);
                    for (uint256 j = 0; j < res.length; j++) {
                        res[j] = b[i++];
                    }
                    return res;
                }
                /**
                 * @custom:attribution https://github.com/Arachnid/solidity-stringutils
                 * @notice Copies a piece of memory to another location.
                 *
                 * @param _dest Destination location.
                 * @param _src  Source location.
                 * @param _len  Length of memory to copy.
                 */
                function _memcpy(
                    uint256 _dest,
                    uint256 _src,
                    uint256 _len
                ) private pure {
                    uint256 dest = _dest;
                    uint256 src = _src;
                    uint256 len = _len;
                    for (; len >= 32; len -= 32) {
                        assembly {
                            mstore(dest, mload(src))
                        }
                        dest += 32;
                        src += 32;
                    }
                    uint256 mask;
                    unchecked {
                        mask = 256**(32 - len) - 1;
                    }
                    assembly {
                        let srcpart := and(mload(src), not(mask))
                        let destpart := and(mload(dest), mask)
                        mstore(dest, or(destpart, srcpart))
                    }
                }
                /**
                 * @custom:attribution https://github.com/sammayo/solidity-rlp-encoder
                 * @notice Flattens a list of byte strings into one byte string.
                 *
                 * @param _list List of byte strings to flatten.
                 *
                 * @return The flattened byte string.
                 */
                function _flatten(bytes[] memory _list) private pure returns (bytes memory) {
                    if (_list.length == 0) {
                        return new bytes(0);
                    }
                    uint256 len;
                    uint256 i = 0;
                    for (; i < _list.length; i++) {
                        len += _list[i].length;
                    }
                    bytes memory flattened = new bytes(len);
                    uint256 flattenedPtr;
                    assembly {
                        flattenedPtr := add(flattened, 0x20)
                    }
                    for (i = 0; i < _list.length; i++) {
                        bytes memory item = _list[i];
                        uint256 listPtr;
                        assembly {
                            listPtr := add(item, 0x20)
                        }
                        _memcpy(flattenedPtr, listPtr, item.length);
                        flattenedPtr += _list[i].length;
                    }
                    return flattened;
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.0;
            /// @title Bytes
            /// @notice Bytes is a library for manipulating byte arrays.
            library Bytes {
                /// @custom:attribution https://github.com/GNSPS/solidity-bytes-utils
                /// @notice Slices a byte array with a given starting index and length. Returns a new byte array
                ///         as opposed to a pointer to the original array. Will throw if trying to slice more
                ///         bytes than exist in the array.
                /// @param _bytes Byte array to slice.
                /// @param _start Starting index of the slice.
                /// @param _length Length of the slice.
                /// @return Slice of the input byte array.
                function slice(
                    bytes memory _bytes,
                    uint256 _start,
                    uint256 _length
                ) internal pure returns (bytes memory) {
                    unchecked {
                        require(_length + 31 >= _length, "slice_overflow");
                        require(_start + _length >= _start, "slice_overflow");
                        require(_bytes.length >= _start + _length, "slice_outOfBounds");
                    }
                    bytes memory tempBytes;
                    assembly {
                        switch iszero(_length)
                        case 0 {
                            // Get a location of some free memory and store it in tempBytes as
                            // Solidity does for memory variables.
                            tempBytes := mload(0x40)
                            // The first word of the slice result is potentially a partial
                            // word read from the original array. To read it, we calculate
                            // the length of that partial word and start copying that many
                            // bytes into the array. The first word we copy will start with
                            // data we don't care about, but the last `lengthmod` bytes will
                            // land at the beginning of the contents of the new array. When
                            // we're done copying, we overwrite the full first word with
                            // the actual length of the slice.
                            let lengthmod := and(_length, 31)
                            // The multiplication in the next line is necessary
                            // because when slicing multiples of 32 bytes (lengthmod == 0)
                            // the following copy loop was copying the origin's length
                            // and then ending prematurely not copying everything it should.
                            let mc := add(add(tempBytes, lengthmod), mul(0x20, iszero(lengthmod)))
                            let end := add(mc, _length)
                            for {
                                // The multiplication in the next line has the same exact purpose
                                // as the one above.
                                let cc := add(add(add(_bytes, lengthmod), mul(0x20, iszero(lengthmod))), _start)
                            } lt(mc, end) {
                                mc := add(mc, 0x20)
                                cc := add(cc, 0x20)
                            } {
                                mstore(mc, mload(cc))
                            }
                            mstore(tempBytes, _length)
                            //update free-memory pointer
                            //allocating the array padded to 32 bytes like the compiler does now
                            mstore(0x40, and(add(mc, 31), not(31)))
                        }
                        //if we want a zero-length slice let's just return a zero-length array
                        default {
                            tempBytes := mload(0x40)
                            //zero out the 32 bytes slice we are about to return
                            //we need to do it because Solidity does not garbage collect
                            mstore(tempBytes, 0)
                            mstore(0x40, add(tempBytes, 0x20))
                        }
                    }
                    return tempBytes;
                }
                /// @notice Slices a byte array with a given starting index up to the end of the original byte
                ///         array. Returns a new array rathern than a pointer to the original.
                /// @param _bytes Byte array to slice.
                /// @param _start Starting index of the slice.
                /// @return Slice of the input byte array.
                function slice(bytes memory _bytes, uint256 _start) internal pure returns (bytes memory) {
                    if (_start >= _bytes.length) {
                        return bytes("");
                    }
                    return slice(_bytes, _start, _bytes.length - _start);
                }
                /// @notice Converts a byte array into a nibble array by splitting each byte into two nibbles.
                ///         Resulting nibble array will be exactly twice as long as the input byte array.
                /// @param _bytes Input byte array to convert.
                /// @return Resulting nibble array.
                function toNibbles(bytes memory _bytes) internal pure returns (bytes memory) {
                    bytes memory _nibbles;
                    assembly {
                        // Grab a free memory offset for the new array
                        _nibbles := mload(0x40)
                        // Load the length of the passed bytes array from memory
                        let bytesLength := mload(_bytes)
                        // Calculate the length of the new nibble array
                        // This is the length of the input array times 2
                        let nibblesLength := shl(0x01, bytesLength)
                        // Update the free memory pointer to allocate memory for the new array.
                        // To do this, we add the length of the new array + 32 bytes for the array length
                        // rounded up to the nearest 32 byte boundary to the current free memory pointer.
                        mstore(0x40, add(_nibbles, and(not(0x1F), add(nibblesLength, 0x3F))))
                        // Store the length of the new array in memory
                        mstore(_nibbles, nibblesLength)
                        // Store the memory offset of the _bytes array's contents on the stack
                        let bytesStart := add(_bytes, 0x20)
                        // Store the memory offset of the nibbles array's contents on the stack
                        let nibblesStart := add(_nibbles, 0x20)
                        // Loop through each byte in the input array
                        for {
                            let i := 0x00
                        } lt(i, bytesLength) {
                            i := add(i, 0x01)
                        } {
                            // Get the starting offset of the next 2 bytes in the nibbles array
                            let offset := add(nibblesStart, shl(0x01, i))
                            // Load the byte at the current index within the `_bytes` array
                            let b := byte(0x00, mload(add(bytesStart, i)))
                            // Pull out the first nibble and store it in the new array
                            mstore8(offset, shr(0x04, b))
                            // Pull out the second nibble and store it in the new array
                            mstore8(add(offset, 0x01), and(b, 0x0F))
                        }
                    }
                    return _nibbles;
                }
                /// @notice Compares two byte arrays by comparing their keccak256 hashes.
                /// @param _bytes First byte array to compare.
                /// @param _other Second byte array to compare.
                /// @return True if the two byte arrays are equal, false otherwise.
                function equal(bytes memory _bytes, bytes memory _other) internal pure returns (bool) {
                    return keccak256(_bytes) == keccak256(_other);
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity ^0.8.8;
            /**
             * @custom:attribution https://github.com/hamdiallam/Solidity-RLP
             * @title RLPReader
             * @notice RLPReader is a library for parsing RLP-encoded byte arrays into Solidity types. Adapted
             *         from Solidity-RLP (https://github.com/hamdiallam/Solidity-RLP) by Hamdi Allam with
             *         various tweaks to improve readability.
             */
            library RLPReader {
                /**
                 * Custom pointer type to avoid confusion between pointers and uint256s.
                 */
                type MemoryPointer is uint256;
                /**
                 * @notice RLP item types.
                 *
                 * @custom:value DATA_ITEM Represents an RLP data item (NOT a list).
                 * @custom:value LIST_ITEM Represents an RLP list item.
                 */
                enum RLPItemType {
                    DATA_ITEM,
                    LIST_ITEM
                }
                /**
                 * @notice Struct representing an RLP item.
                 *
                 * @custom:field length Length of the RLP item.
                 * @custom:field ptr    Pointer to the RLP item in memory.
                 */
                struct RLPItem {
                    uint256 length;
                    MemoryPointer ptr;
                }
                /**
                 * @notice Max list length that this library will accept.
                 */
                uint256 internal constant MAX_LIST_LENGTH = 32;
                /**
                 * @notice Converts bytes to a reference to memory position and length.
                 *
                 * @param _in Input bytes to convert.
                 *
                 * @return Output memory reference.
                 */
                function toRLPItem(bytes memory _in) internal pure returns (RLPItem memory) {
                    // Empty arrays are not RLP items.
                    require(
                        _in.length > 0,
                        "RLPReader: length of an RLP item must be greater than zero to be decodable"
                    );
                    MemoryPointer ptr;
                    assembly {
                        ptr := add(_in, 32)
                    }
                    return RLPItem({ length: _in.length, ptr: ptr });
                }
                /**
                 * @notice Reads an RLP list value into a list of RLP items.
                 *
                 * @param _in RLP list value.
                 *
                 * @return Decoded RLP list items.
                 */
                function readList(RLPItem memory _in) internal pure returns (RLPItem[] memory) {
                    (uint256 listOffset, uint256 listLength, RLPItemType itemType) = _decodeLength(_in);
                    require(
                        itemType == RLPItemType.LIST_ITEM,
                        "RLPReader: decoded item type for list is not a list item"
                    );
                    require(
                        listOffset + listLength == _in.length,
                        "RLPReader: list item has an invalid data remainder"
                    );
                    // Solidity in-memory arrays can't be increased in size, but *can* be decreased in size by
                    // writing to the length. Since we can't know the number of RLP items without looping over
                    // the entire input, we'd have to loop twice to accurately size this array. It's easier to
                    // simply set a reasonable maximum list length and decrease the size before we finish.
                    RLPItem[] memory out = new RLPItem[](MAX_LIST_LENGTH);
                    uint256 itemCount = 0;
                    uint256 offset = listOffset;
                    while (offset < _in.length) {
                        (uint256 itemOffset, uint256 itemLength, ) = _decodeLength(
                            RLPItem({
                                length: _in.length - offset,
                                ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset)
                            })
                        );
                        // We don't need to check itemCount < out.length explicitly because Solidity already
                        // handles this check on our behalf, we'd just be wasting gas.
                        out[itemCount] = RLPItem({
                            length: itemLength + itemOffset,
                            ptr: MemoryPointer.wrap(MemoryPointer.unwrap(_in.ptr) + offset)
                        });
                        itemCount += 1;
                        offset += itemOffset + itemLength;
                    }
                    // Decrease the array size to match the actual item count.
                    assembly {
                        mstore(out, itemCount)
                    }
                    return out;
                }
                /**
                 * @notice Reads an RLP list value into a list of RLP items.
                 *
                 * @param _in RLP list value.
                 *
                 * @return Decoded RLP list items.
                 */
                function readList(bytes memory _in) internal pure returns (RLPItem[] memory) {
                    return readList(toRLPItem(_in));
                }
                /**
                 * @notice Reads an RLP bytes value into bytes.
                 *
                 * @param _in RLP bytes value.
                 *
                 * @return Decoded bytes.
                 */
                function readBytes(RLPItem memory _in) internal pure returns (bytes memory) {
                    (uint256 itemOffset, uint256 itemLength, RLPItemType itemType) = _decodeLength(_in);
                    require(
                        itemType == RLPItemType.DATA_ITEM,
                        "RLPReader: decoded item type for bytes is not a data item"
                    );
                    require(
                        _in.length == itemOffset + itemLength,
                        "RLPReader: bytes value contains an invalid remainder"
                    );
                    return _copy(_in.ptr, itemOffset, itemLength);
                }
                /**
                 * @notice Reads an RLP bytes value into bytes.
                 *
                 * @param _in RLP bytes value.
                 *
                 * @return Decoded bytes.
                 */
                function readBytes(bytes memory _in) internal pure returns (bytes memory) {
                    return readBytes(toRLPItem(_in));
                }
                /**
                 * @notice Reads the raw bytes of an RLP item.
                 *
                 * @param _in RLP item to read.
                 *
                 * @return Raw RLP bytes.
                 */
                function readRawBytes(RLPItem memory _in) internal pure returns (bytes memory) {
                    return _copy(_in.ptr, 0, _in.length);
                }
                /**
                 * @notice Decodes the length of an RLP item.
                 *
                 * @param _in RLP item to decode.
                 *
                 * @return Offset of the encoded data.
                 * @return Length of the encoded data.
                 * @return RLP item type (LIST_ITEM or DATA_ITEM).
                 */
                function _decodeLength(RLPItem memory _in)
                    private
                    pure
                    returns (
                        uint256,
                        uint256,
                        RLPItemType
                    )
                {
                    // Short-circuit if there's nothing to decode, note that we perform this check when
                    // the user creates an RLP item via toRLPItem, but it's always possible for them to bypass
                    // that function and create an RLP item directly. So we need to check this anyway.
                    require(
                        _in.length > 0,
                        "RLPReader: length of an RLP item must be greater than zero to be decodable"
                    );
                    MemoryPointer ptr = _in.ptr;
                    uint256 prefix;
                    assembly {
                        prefix := byte(0, mload(ptr))
                    }
                    if (prefix <= 0x7f) {
                        // Single byte.
                        return (0, 1, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xb7) {
                        // Short string.
                        // slither-disable-next-line variable-scope
                        uint256 strLen = prefix - 0x80;
                        require(
                            _in.length > strLen,
                            "RLPReader: length of content must be greater than string length (short string)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            strLen != 1 || firstByteOfContent >= 0x80,
                            "RLPReader: invalid prefix, single byte < 0x80 are not prefixed (short string)"
                        );
                        return (1, strLen, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xbf) {
                        // Long string.
                        uint256 lenOfStrLen = prefix - 0xb7;
                        require(
                            _in.length > lenOfStrLen,
                            "RLPReader: length of content must be > than length of string length (long string)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            firstByteOfContent != 0x00,
                            "RLPReader: length of content must not have any leading zeros (long string)"
                        );
                        uint256 strLen;
                        assembly {
                            strLen := shr(sub(256, mul(8, lenOfStrLen)), mload(add(ptr, 1)))
                        }
                        require(
                            strLen > 55,
                            "RLPReader: length of content must be greater than 55 bytes (long string)"
                        );
                        require(
                            _in.length > lenOfStrLen + strLen,
                            "RLPReader: length of content must be greater than total length (long string)"
                        );
                        return (1 + lenOfStrLen, strLen, RLPItemType.DATA_ITEM);
                    } else if (prefix <= 0xf7) {
                        // Short list.
                        // slither-disable-next-line variable-scope
                        uint256 listLen = prefix - 0xc0;
                        require(
                            _in.length > listLen,
                            "RLPReader: length of content must be greater than list length (short list)"
                        );
                        return (1, listLen, RLPItemType.LIST_ITEM);
                    } else {
                        // Long list.
                        uint256 lenOfListLen = prefix - 0xf7;
                        require(
                            _in.length > lenOfListLen,
                            "RLPReader: length of content must be > than length of list length (long list)"
                        );
                        bytes1 firstByteOfContent;
                        assembly {
                            firstByteOfContent := and(mload(add(ptr, 1)), shl(248, 0xff))
                        }
                        require(
                            firstByteOfContent != 0x00,
                            "RLPReader: length of content must not have any leading zeros (long list)"
                        );
                        uint256 listLen;
                        assembly {
                            listLen := shr(sub(256, mul(8, lenOfListLen)), mload(add(ptr, 1)))
                        }
                        require(
                            listLen > 55,
                            "RLPReader: length of content must be greater than 55 bytes (long list)"
                        );
                        require(
                            _in.length > lenOfListLen + listLen,
                            "RLPReader: length of content must be greater than total length (long list)"
                        );
                        return (1 + lenOfListLen, listLen, RLPItemType.LIST_ITEM);
                    }
                }
                /**
                 * @notice Copies the bytes from a memory location.
                 *
                 * @param _src    Pointer to the location to read from.
                 * @param _offset Offset to start reading from.
                 * @param _length Number of bytes to read.
                 *
                 * @return Copied bytes.
                 */
                function _copy(
                    MemoryPointer _src,
                    uint256 _offset,
                    uint256 _length
                ) private pure returns (bytes memory) {
                    bytes memory out = new bytes(_length);
                    if (_length == 0) {
                        return out;
                    }
                    // Mostly based on Solidity's copy_memory_to_memory:
                    // solhint-disable max-line-length
                    // https://github.com/ethereum/solidity/blob/34dd30d71b4da730488be72ff6af7083cf2a91f6/libsolidity/codegen/YulUtilFunctions.cpp#L102-L114
                    uint256 src = MemoryPointer.unwrap(_src) + _offset;
                    assembly {
                        let dest := add(out, 32)
                        let i := 0
                        for {
                        } lt(i, _length) {
                            i := add(i, 32)
                        } {
                            mstore(add(dest, i), mload(add(src, i)))
                        }
                        if gt(i, _length) {
                            mstore(add(dest, _length), 0)
                        }
                    }
                    return out;
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.5.0) (utils/math/SignedMath.sol)
            pragma solidity ^0.8.0;
            /**
             * @dev Standard signed math utilities missing in the Solidity language.
             */
            library SignedMath {
                /**
                 * @dev Returns the largest of two signed numbers.
                 */
                function max(int256 a, int256 b) internal pure returns (int256) {
                    return a >= b ? a : b;
                }
                /**
                 * @dev Returns the smallest of two signed numbers.
                 */
                function min(int256 a, int256 b) internal pure returns (int256) {
                    return a < b ? a : b;
                }
                /**
                 * @dev Returns the average of two signed numbers without overflow.
                 * The result is rounded towards zero.
                 */
                function average(int256 a, int256 b) internal pure returns (int256) {
                    // Formula from the book "Hacker's Delight"
                    int256 x = (a & b) + ((a ^ b) >> 1);
                    return x + (int256(uint256(x) >> 255) & (a ^ b));
                }
                /**
                 * @dev Returns the absolute unsigned value of a signed value.
                 */
                function abs(int256 n) internal pure returns (uint256) {
                    unchecked {
                        // must be unchecked in order to support `n = type(int256).min`
                        return uint256(n >= 0 ? n : -n);
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            pragma solidity >=0.8.0;
            /// @notice Arithmetic library with operations for fixed-point numbers.
            /// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/utils/FixedPointMathLib.sol)
            library FixedPointMathLib {
                /*//////////////////////////////////////////////////////////////
                                SIMPLIFIED FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                uint256 internal constant WAD = 1e18; // The scalar of ETH and most ERC20s.
                function mulWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, y, WAD); // Equivalent to (x * y) / WAD rounded down.
                }
                function mulWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, y, WAD); // Equivalent to (x * y) / WAD rounded up.
                }
                function divWadDown(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivDown(x, WAD, y); // Equivalent to (x * WAD) / y rounded down.
                }
                function divWadUp(uint256 x, uint256 y) internal pure returns (uint256) {
                    return mulDivUp(x, WAD, y); // Equivalent to (x * WAD) / y rounded up.
                }
                function powWad(int256 x, int256 y) internal pure returns (int256) {
                    // Equivalent to x to the power of y because x ** y = (e ** ln(x)) ** y = e ** (ln(x) * y)
                    return expWad((lnWad(x) * y) / int256(WAD)); // Using ln(x) means x must be greater than 0.
                }
                function expWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        // When the result is < 0.5 we return zero. This happens when
                        // x <= floor(log(0.5e18) * 1e18) ~ -42e18
                        if (x <= -42139678854452767551) return 0;
                        // When the result is > (2**255 - 1) / 1e18 we can not represent it as an
                        // int. This happens when x >= floor(log((2**255 - 1) / 1e18) * 1e18) ~ 135.
                        if (x >= 135305999368893231589) revert("EXP_OVERFLOW");
                        // x is now in the range (-42, 136) * 1e18. Convert to (-42, 136) * 2**96
                        // for more intermediate precision and a binary basis. This base conversion
                        // is a multiplication by 1e18 / 2**96 = 5**18 / 2**78.
                        x = (x << 78) / 5**18;
                        // Reduce range of x to (-½ ln 2, ½ ln 2) * 2**96 by factoring out powers
                        // of two such that exp(x) = exp(x') * 2**k, where k is an integer.
                        // Solving this gives k = round(x / log(2)) and x' = x - k * log(2).
                        int256 k = ((x << 96) / 54916777467707473351141471128 + 2**95) >> 96;
                        x = x - k * 54916777467707473351141471128;
                        // k is in the range [-61, 195].
                        // Evaluate using a (6, 7)-term rational approximation.
                        // p is made monic, we'll multiply by a scale factor later.
                        int256 y = x + 1346386616545796478920950773328;
                        y = ((y * x) >> 96) + 57155421227552351082224309758442;
                        int256 p = y + x - 94201549194550492254356042504812;
                        p = ((p * y) >> 96) + 28719021644029726153956944680412240;
                        p = p * x + (4385272521454847904659076985693276 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        int256 q = x - 2855989394907223263936484059900;
                        q = ((q * x) >> 96) + 50020603652535783019961831881945;
                        q = ((q * x) >> 96) - 533845033583426703283633433725380;
                        q = ((q * x) >> 96) + 3604857256930695427073651918091429;
                        q = ((q * x) >> 96) - 14423608567350463180887372962807573;
                        q = ((q * x) >> 96) + 26449188498355588339934803723976023;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial won't have zeros in the domain as all its roots are complex.
                            // No scaling is necessary because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r should be in the range (0.09, 0.25) * 2**96.
                        // We now need to multiply r by:
                        // * the scale factor s = ~6.031367120.
                        // * the 2**k factor from the range reduction.
                        // * the 1e18 / 2**96 factor for base conversion.
                        // We do this all at once, with an intermediate result in 2**213
                        // basis, so the final right shift is always by a positive amount.
                        r = int256((uint256(r) * 3822833074963236453042738258902158003155416615667) >> uint256(195 - k));
                    }
                }
                function lnWad(int256 x) internal pure returns (int256 r) {
                    unchecked {
                        require(x > 0, "UNDEFINED");
                        // We want to convert x from 10**18 fixed point to 2**96 fixed point.
                        // We do this by multiplying by 2**96 / 10**18. But since
                        // ln(x * C) = ln(x) + ln(C), we can simply do nothing here
                        // and add ln(2**96 / 10**18) at the end.
                        // Reduce range of x to (1, 2) * 2**96
                        // ln(2^k * x) = k * ln(2) + ln(x)
                        int256 k = int256(log2(uint256(x))) - 96;
                        x <<= uint256(159 - k);
                        x = int256(uint256(x) >> 159);
                        // Evaluate using a (8, 8)-term rational approximation.
                        // p is made monic, we will multiply by a scale factor later.
                        int256 p = x + 3273285459638523848632254066296;
                        p = ((p * x) >> 96) + 24828157081833163892658089445524;
                        p = ((p * x) >> 96) + 43456485725739037958740375743393;
                        p = ((p * x) >> 96) - 11111509109440967052023855526967;
                        p = ((p * x) >> 96) - 45023709667254063763336534515857;
                        p = ((p * x) >> 96) - 14706773417378608786704636184526;
                        p = p * x - (795164235651350426258249787498 << 96);
                        // We leave p in 2**192 basis so we don't need to scale it back up for the division.
                        // q is monic by convention.
                        int256 q = x + 5573035233440673466300451813936;
                        q = ((q * x) >> 96) + 71694874799317883764090561454958;
                        q = ((q * x) >> 96) + 283447036172924575727196451306956;
                        q = ((q * x) >> 96) + 401686690394027663651624208769553;
                        q = ((q * x) >> 96) + 204048457590392012362485061816622;
                        q = ((q * x) >> 96) + 31853899698501571402653359427138;
                        q = ((q * x) >> 96) + 909429971244387300277376558375;
                        assembly {
                            // Div in assembly because solidity adds a zero check despite the unchecked.
                            // The q polynomial is known not to have zeros in the domain.
                            // No scaling required because p is already 2**96 too large.
                            r := sdiv(p, q)
                        }
                        // r is in the range (0, 0.125) * 2**96
                        // Finalization, we need to:
                        // * multiply by the scale factor s = 5.549…
                        // * add ln(2**96 / 10**18)
                        // * add k * ln(2)
                        // * multiply by 10**18 / 2**96 = 5**18 >> 78
                        // mul s * 5e18 * 2**96, base is now 5**18 * 2**192
                        r *= 1677202110996718588342820967067443963516166;
                        // add ln(2) * k * 5e18 * 2**192
                        r += 16597577552685614221487285958193947469193820559219878177908093499208371 * k;
                        // add ln(2**96 / 10**18) * 5e18 * 2**192
                        r += 600920179829731861736702779321621459595472258049074101567377883020018308;
                        // base conversion: mul 2**18 / 2**192
                        r >>= 174;
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                LOW LEVEL FIXED POINT OPERATIONS
                //////////////////////////////////////////////////////////////*/
                function mulDivDown(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // Divide z by the denominator.
                        z := div(z, denominator)
                    }
                }
                function mulDivUp(
                    uint256 x,
                    uint256 y,
                    uint256 denominator
                ) internal pure returns (uint256 z) {
                    assembly {
                        // Store x * y in z for now.
                        z := mul(x, y)
                        // Equivalent to require(denominator != 0 && (x == 0 || (x * y) / x == y))
                        if iszero(and(iszero(iszero(denominator)), or(iszero(x), eq(div(z, x), y)))) {
                            revert(0, 0)
                        }
                        // First, divide z - 1 by the denominator and add 1.
                        // We allow z - 1 to underflow if z is 0, because we multiply the
                        // end result by 0 if z is zero, ensuring we return 0 if z is zero.
                        z := mul(iszero(iszero(z)), add(div(sub(z, 1), denominator), 1))
                    }
                }
                function rpow(
                    uint256 x,
                    uint256 n,
                    uint256 scalar
                ) internal pure returns (uint256 z) {
                    assembly {
                        switch x
                        case 0 {
                            switch n
                            case 0 {
                                // 0 ** 0 = 1
                                z := scalar
                            }
                            default {
                                // 0 ** n = 0
                                z := 0
                            }
                        }
                        default {
                            switch mod(n, 2)
                            case 0 {
                                // If n is even, store scalar in z for now.
                                z := scalar
                            }
                            default {
                                // If n is odd, store x in z for now.
                                z := x
                            }
                            // Shifting right by 1 is like dividing by 2.
                            let half := shr(1, scalar)
                            for {
                                // Shift n right by 1 before looping to halve it.
                                n := shr(1, n)
                            } n {
                                // Shift n right by 1 each iteration to halve it.
                                n := shr(1, n)
                            } {
                                // Revert immediately if x ** 2 would overflow.
                                // Equivalent to iszero(eq(div(xx, x), x)) here.
                                if shr(128, x) {
                                    revert(0, 0)
                                }
                                // Store x squared.
                                let xx := mul(x, x)
                                // Round to the nearest number.
                                let xxRound := add(xx, half)
                                // Revert if xx + half overflowed.
                                if lt(xxRound, xx) {
                                    revert(0, 0)
                                }
                                // Set x to scaled xxRound.
                                x := div(xxRound, scalar)
                                // If n is even:
                                if mod(n, 2) {
                                    // Compute z * x.
                                    let zx := mul(z, x)
                                    // If z * x overflowed:
                                    if iszero(eq(div(zx, x), z)) {
                                        // Revert if x is non-zero.
                                        if iszero(iszero(x)) {
                                            revert(0, 0)
                                        }
                                    }
                                    // Round to the nearest number.
                                    let zxRound := add(zx, half)
                                    // Revert if zx + half overflowed.
                                    if lt(zxRound, zx) {
                                        revert(0, 0)
                                    }
                                    // Return properly scaled zxRound.
                                    z := div(zxRound, scalar)
                                }
                            }
                        }
                    }
                }
                /*//////////////////////////////////////////////////////////////
                                    GENERAL NUMBER UTILITIES
                //////////////////////////////////////////////////////////////*/
                function sqrt(uint256 x) internal pure returns (uint256 z) {
                    assembly {
                        let y := x // We start y at x, which will help us make our initial estimate.
                        z := 181 // The "correct" value is 1, but this saves a multiplication later.
                        // This segment is to get a reasonable initial estimate for the Babylonian method. With a bad
                        // start, the correct # of bits increases ~linearly each iteration instead of ~quadratically.
                        // We check y >= 2^(k + 8) but shift right by k bits
                        // each branch to ensure that if x >= 256, then y >= 256.
                        if iszero(lt(y, 0x10000000000000000000000000000000000)) {
                            y := shr(128, y)
                            z := shl(64, z)
                        }
                        if iszero(lt(y, 0x1000000000000000000)) {
                            y := shr(64, y)
                            z := shl(32, z)
                        }
                        if iszero(lt(y, 0x10000000000)) {
                            y := shr(32, y)
                            z := shl(16, z)
                        }
                        if iszero(lt(y, 0x1000000)) {
                            y := shr(16, y)
                            z := shl(8, z)
                        }
                        // Goal was to get z*z*y within a small factor of x. More iterations could
                        // get y in a tighter range. Currently, we will have y in [256, 256*2^16).
                        // We ensured y >= 256 so that the relative difference between y and y+1 is small.
                        // That's not possible if x < 256 but we can just verify those cases exhaustively.
                        // Now, z*z*y <= x < z*z*(y+1), and y <= 2^(16+8), and either y >= 256, or x < 256.
                        // Correctness can be checked exhaustively for x < 256, so we assume y >= 256.
                        // Then z*sqrt(y) is within sqrt(257)/sqrt(256) of sqrt(x), or about 20bps.
                        // For s in the range [1/256, 256], the estimate f(s) = (181/1024) * (s+1) is in the range
                        // (1/2.84 * sqrt(s), 2.84 * sqrt(s)), with largest error when s = 1 and when s = 256 or 1/256.
                        // Since y is in [256, 256*2^16), let a = y/65536, so that a is in [1/256, 256). Then we can estimate
                        // sqrt(y) using sqrt(65536) * 181/1024 * (a + 1) = 181/4 * (y + 65536)/65536 = 181 * (y + 65536)/2^18.
                        // There is no overflow risk here since y < 2^136 after the first branch above.
                        z := shr(18, mul(z, add(y, 65536))) // A mul() is saved from starting z at 181.
                        // Given the worst case multiplicative error of 2.84 above, 7 iterations should be enough.
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        z := shr(1, add(z, div(x, z)))
                        // If x+1 is a perfect square, the Babylonian method cycles between
                        // floor(sqrt(x)) and ceil(sqrt(x)). This statement ensures we return floor.
                        // See: https://en.wikipedia.org/wiki/Integer_square_root#Using_only_integer_division
                        // Since the ceil is rare, we save gas on the assignment and repeat division in the rare case.
                        // If you don't care whether the floor or ceil square root is returned, you can remove this statement.
                        z := sub(z, lt(div(x, z), z))
                    }
                }
                function log2(uint256 x) internal pure returns (uint256 r) {
                    require(x > 0, "UNDEFINED");
                    assembly {
                        r := shl(7, lt(0xffffffffffffffffffffffffffffffff, x))
                        r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
                        r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
                        r := or(r, shl(4, lt(0xffff, shr(r, x))))
                        r := or(r, shl(3, lt(0xff, shr(r, x))))
                        r := or(r, shl(2, lt(0xf, shr(r, x))))
                        r := or(r, shl(1, lt(0x3, shr(r, x))))
                        r := or(r, lt(0x1, shr(r, x)))
                    }
                }
            }
            // SPDX-License-Identifier: MIT
            // OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
            pragma solidity ^0.8.1;
            /**
             * @dev Collection of functions related to the address type
             */
            library AddressUpgradeable {
                /**
                 * @dev Returns true if `account` is a contract.
                 *
                 * [IMPORTANT]
                 * ====
                 * It is unsafe to assume that an address for which this function returns
                 * false is an externally-owned account (EOA) and not a contract.
                 *
                 * Among others, `isContract` will return false for the following
                 * types of addresses:
                 *
                 *  - an externally-owned account
                 *  - a contract in construction
                 *  - an address where a contract will be created
                 *  - an address where a contract lived, but was destroyed
                 * ====
                 *
                 * [IMPORTANT]
                 * ====
                 * You shouldn't rely on `isContract` to protect against flash loan attacks!
                 *
                 * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
                 * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
                 * constructor.
                 * ====
                 */
                function isContract(address account) internal view returns (bool) {
                    // This method relies on extcodesize/address.code.length, which returns 0
                    // for contracts in construction, since the code is only stored at the end
                    // of the constructor execution.
                    return account.code.length > 0;
                }
                /**
                 * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
                 * `recipient`, forwarding all available gas and reverting on errors.
                 *
                 * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
                 * of certain opcodes, possibly making contracts go over the 2300 gas limit
                 * imposed by `transfer`, making them unable to receive funds via
                 * `transfer`. {sendValue} removes this limitation.
                 *
                 * https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
                 *
                 * IMPORTANT: because control is transferred to `recipient`, care must be
                 * taken to not create reentrancy vulnerabilities. Consider using
                 * {ReentrancyGuard} or the
                 * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
                 */
                function sendValue(address payable recipient, uint256 amount) internal {
                    require(address(this).balance >= amount, "Address: insufficient balance");
                    (bool success, ) = recipient.call{value: amount}("");
                    require(success, "Address: unable to send value, recipient may have reverted");
                }
                /**
                 * @dev Performs a Solidity function call using a low level `call`. A
                 * plain `call` is an unsafe replacement for a function call: use this
                 * function instead.
                 *
                 * If `target` reverts with a revert reason, it is bubbled up by this
                 * function (like regular Solidity function calls).
                 *
                 * Returns the raw returned data. To convert to the expected return value,
                 * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
                 *
                 * Requirements:
                 *
                 * - `target` must be a contract.
                 * - calling `target` with `data` must not revert.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(address target, bytes memory data) internal returns (bytes memory) {
                    return functionCall(target, data, "Address: low-level call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
                 * `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, 0, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but also transferring `value` wei to `target`.
                 *
                 * Requirements:
                 *
                 * - the calling contract must have an ETH balance of at least `value`.
                 * - the called Solidity function must be `payable`.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value
                ) internal returns (bytes memory) {
                    return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
                 * with `errorMessage` as a fallback revert reason when `target` reverts.
                 *
                 * _Available since v3.1._
                 */
                function functionCallWithValue(
                    address target,
                    bytes memory data,
                    uint256 value,
                    string memory errorMessage
                ) internal returns (bytes memory) {
                    require(address(this).balance >= value, "Address: insufficient balance for call");
                    require(isContract(target), "Address: call to non-contract");
                    (bool success, bytes memory returndata) = target.call{value: value}(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
                    return functionStaticCall(target, data, "Address: low-level static call failed");
                }
                /**
                 * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
                 * but performing a static call.
                 *
                 * _Available since v3.3._
                 */
                function functionStaticCall(
                    address target,
                    bytes memory data,
                    string memory errorMessage
                ) internal view returns (bytes memory) {
                    require(isContract(target), "Address: static call to non-contract");
                    (bool success, bytes memory returndata) = target.staticcall(data);
                    return verifyCallResult(success, returndata, errorMessage);
                }
                /**
                 * @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
                 * revert reason using the provided one.
                 *
                 * _Available since v4.3._
                 */
                function verifyCallResult(
                    bool success,
                    bytes memory returndata,
                    string memory errorMessage
                ) internal pure returns (bytes memory) {
                    if (success) {
                        return returndata;
                    } else {
                        // Look for revert reason and bubble it up if present
                        if (returndata.length > 0) {
                            // The easiest way to bubble the revert reason is using memory via assembly
                            /// @solidity memory-safe-assembly
                            assembly {
                                let returndata_size := mload(returndata)
                                revert(add(32, returndata), returndata_size)
                            }
                        } else {
                            revert(errorMessage);
                        }
                    }
                }
            }