Recon Coverage Report

Files 87 files

Files

Lines

20219

Coverage

46%

2435 / 5258

Actions

92% lib/chimera/src/CryticAsserts.sol

Lines covered: 13 / 14 (92%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import {Asserts} from "./Asserts.sol";

contract CryticAsserts is Asserts {
    event Log(string);

    function gt(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a > b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function gte(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a >= b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function lt(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a < b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function lte(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a <= b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function eq(uint256 a, uint256 b, string memory reason) internal virtual override {
        if (!(a == b)) {
            emit Log(reason);
            assert(false);
        }
    }

    function t(bool b, string memory reason) internal virtual override {
        if (!b) {
            emit Log(reason);
            assert(false);
        }
    }

    function between(uint256 value, uint256 low, uint256 high) internal virtual override returns (uint256) {
        if (value < low || value > high) {
            uint256 ans = low + (value % (high - low + 1));
            return ans;
        }
        return value;
    }

    function between(int256 value, int256 low, int256 high) internal virtual override returns (int256) {
        if (value < low || value > high) {
            int256 range = high - low + 1;
            int256 clamped = (value - low) % (range);
            if (clamped < 0) clamped += range;
            int256 ans = low + clamped;
            return ans;
        }
        return value;
    }

    function precondition(bool p) internal virtual override {
        require(p);
    }
}

50% lib/forge-std/src/Base.sol

Lines covered: 1 / 2 (50%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

import {StdStorage} from "./StdStorage.sol";
import {Vm, VmSafe} from "./Vm.sol";

abstract contract CommonBase {
    /// @dev Cheat code address.
    /// Calculated as `address(uint160(uint256(keccak256("hevm cheat code"))))`.
    address internal constant VM_ADDRESS = 0x7109709ECfa91a80626fF3989D68f67F5b1DD12D;
    /// @dev console.sol and console2.sol work by executing a staticcall to this address.
    /// Calculated as `address(uint160(uint88(bytes11("console.log"))))`.
    address internal constant CONSOLE = 0x000000000000000000636F6e736F6c652e6c6f67;
    /// @dev Used when deploying with create2.
    /// Taken from https://github.com/Arachnid/deterministic-deployment-proxy.
    address internal constant CREATE2_FACTORY = 0x4e59b44847b379578588920cA78FbF26c0B4956C;
    /// @dev The default address for tx.origin and msg.sender.
    /// Calculated as `address(uint160(uint256(keccak256("foundry default caller"))))`.
    address internal constant DEFAULT_SENDER = 0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38;
    /// @dev The address of the first contract `CREATE`d by a running test contract.
    /// When running tests, each test contract is `CREATE`d by `DEFAULT_SENDER` with nonce 1.
    /// Calculated as `VM.computeCreateAddress(VM.computeCreateAddress(DEFAULT_SENDER, 1), 1)`.
    address internal constant DEFAULT_TEST_CONTRACT = 0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f;
    /// @dev Deterministic deployment address of the Multicall3 contract.
    /// Taken from https://www.multicall3.com.
    address internal constant MULTICALL3_ADDRESS = 0xcA11bde05977b3631167028862bE2a173976CA11;
    /// @dev The order of the secp256k1 curve.
    uint256 internal constant SECP256K1_ORDER =
        115792089237316195423570985008687907852837564279074904382605163141518161494337;

    uint256 internal constant UINT256_MAX =
        115792089237316195423570985008687907853269984665640564039457584007913129639935;

    Vm internal constant vm = Vm(VM_ADDRESS);
    StdStorage internal stdstore;
}

abstract contract TestBase is CommonBase {}

abstract contract ScriptBase is CommonBase {
    VmSafe internal constant vmSafe = VmSafe(VM_ADDRESS);
}

100% lib/forge-std/src/StdChains.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

import {VmSafe} from "./Vm.sol";

/**
 * StdChains provides information about EVM compatible chains that can be used in scripts/tests.
 * For each chain, the chain's name, chain ID, and a default RPC URL are provided. Chains are
 * identified by their alias, which is the same as the alias in the `[rpc_endpoints]` section of
 * the `foundry.toml` file. For best UX, ensure the alias in the `foundry.toml` file match the
 * alias used in this contract, which can be found as the first argument to the
 * `setChainWithDefaultRpcUrl` call in the `initializeStdChains` function.
 *
 * There are two main ways to use this contract:
 *   1. Set a chain with `setChain(string memory chainAlias, ChainData memory chain)` or
 *      `setChain(string memory chainAlias, Chain memory chain)`
 *   2. Get a chain with `getChain(string memory chainAlias)` or `getChain(uint256 chainId)`.
 *
 * The first time either of those are used, chains are initialized with the default set of RPC URLs.
 * This is done in `initializeStdChains`, which uses `setChainWithDefaultRpcUrl`. Defaults are recorded in
 * `defaultRpcUrls`.
 *
 * The `setChain` function is straightforward, and it simply saves off the given chain data.
 *
 * The `getChain` methods use `getChainWithUpdatedRpcUrl` to return a chain. For example, let's say
 * we want to retrieve the RPC URL for `mainnet`:
 *   - If you have specified data with `setChain`, it will return that.
 *   - If you have configured a mainnet RPC URL in `foundry.toml`, it will return the URL, provided it
 *     is valid (e.g. a URL is specified, or an environment variable is given and exists).
 *   - If neither of the above conditions is met, the default data is returned.
 *
 * Summarizing the above, the prioritization hierarchy is `setChain` -> `foundry.toml` -> environment variable -> defaults.
 */
abstract contract StdChains {
    VmSafe private constant vm = VmSafe(address(uint160(uint256(keccak256("hevm cheat code")))));

    bool private stdChainsInitialized;

    struct ChainData {
        string name;
        uint256 chainId;
        string rpcUrl;
    }

    struct Chain {
        // The chain name.
        string name;
        // The chain's Chain ID.
        uint256 chainId;
        // The chain's alias. (i.e. what gets specified in `foundry.toml`).
        string chainAlias;
        // A default RPC endpoint for this chain.
        // NOTE: This default RPC URL is included for convenience to facilitate quick tests and
        // experimentation. Do not use this RPC URL for production test suites, CI, or other heavy
        // usage as you will be throttled and this is a disservice to others who need this endpoint.
        string rpcUrl;
    }

    // Maps from the chain's alias (matching the alias in the `foundry.toml` file) to chain data.
    mapping(string => Chain) private chains;
    // Maps from the chain's alias to it's default RPC URL.
    mapping(string => string) private defaultRpcUrls;
    // Maps from a chain ID to it's alias.
    mapping(uint256 => string) private idToAlias;

    bool private fallbackToDefaultRpcUrls = true;

    // The RPC URL will be fetched from config or defaultRpcUrls if possible.
    function getChain(string memory chainAlias) internal virtual returns (Chain memory chain) {
        require(bytes(chainAlias).length != 0, "StdChains getChain(string): Chain alias cannot be the empty string.");

        initializeStdChains();
        chain = chains[chainAlias];
        require(
            chain.chainId != 0,
            string(abi.encodePacked("StdChains getChain(string): Chain with alias \"", chainAlias, "\" not found."))
        );

        chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
    }

    function getChain(uint256 chainId) internal virtual returns (Chain memory chain) {
        require(chainId != 0, "StdChains getChain(uint256): Chain ID cannot be 0.");
        initializeStdChains();
        string memory chainAlias = idToAlias[chainId];

        chain = chains[chainAlias];

        require(
            chain.chainId != 0,
            string(abi.encodePacked("StdChains getChain(uint256): Chain with ID ", vm.toString(chainId), " not found."))
        );

        chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
    }

    // set chain info, with priority to argument's rpcUrl field.
    function setChain(string memory chainAlias, ChainData memory chain) internal virtual {
        require(
            bytes(chainAlias).length != 0,
            "StdChains setChain(string,ChainData): Chain alias cannot be the empty string."
        );

        require(chain.chainId != 0, "StdChains setChain(string,ChainData): Chain ID cannot be 0.");

        initializeStdChains();
        string memory foundAlias = idToAlias[chain.chainId];

        require(
            bytes(foundAlias).length == 0 || keccak256(bytes(foundAlias)) == keccak256(bytes(chainAlias)),
            string(
                abi.encodePacked(
                    "StdChains setChain(string,ChainData): Chain ID ",
                    vm.toString(chain.chainId),
                    " already used by \"",
                    foundAlias,
                    "\"."
                )
            )
        );

        uint256 oldChainId = chains[chainAlias].chainId;
        delete idToAlias[oldChainId];

        chains[chainAlias] =
            Chain({name: chain.name, chainId: chain.chainId, chainAlias: chainAlias, rpcUrl: chain.rpcUrl});
        idToAlias[chain.chainId] = chainAlias;
    }

    // set chain info, with priority to argument's rpcUrl field.
    function setChain(string memory chainAlias, Chain memory chain) internal virtual {
        setChain(chainAlias, ChainData({name: chain.name, chainId: chain.chainId, rpcUrl: chain.rpcUrl}));
    }

    function _toUpper(string memory str) private pure returns (string memory) {
        bytes memory strb = bytes(str);
        bytes memory copy = new bytes(strb.length);
        for (uint256 i = 0; i < strb.length; i++) {
            bytes1 b = strb[i];
            if (b >= 0x61 && b <= 0x7A) {
                copy[i] = bytes1(uint8(b) - 32);
            } else {
                copy[i] = b;
            }
        }
        return string(copy);
    }

    // lookup rpcUrl, in descending order of priority:
    // current -> config (foundry.toml) -> environment variable -> default
    function getChainWithUpdatedRpcUrl(string memory chainAlias, Chain memory chain)
        private
        view
        returns (Chain memory)
    {
        if (bytes(chain.rpcUrl).length == 0) {
            try vm.rpcUrl(chainAlias) returns (string memory configRpcUrl) {
                chain.rpcUrl = configRpcUrl;
            } catch (bytes memory err) {
                string memory envName = string(abi.encodePacked(_toUpper(chainAlias), "_RPC_URL"));
                if (fallbackToDefaultRpcUrls) {
                    chain.rpcUrl = vm.envOr(envName, defaultRpcUrls[chainAlias]);
                } else {
                    chain.rpcUrl = vm.envString(envName);
                }
                // Distinguish 'not found' from 'cannot read'
                // The upstream error thrown by forge for failing cheats changed so we check both the old and new versions
                bytes memory oldNotFoundError =
                    abi.encodeWithSignature("CheatCodeError", string(abi.encodePacked("invalid rpc url ", chainAlias)));
                bytes memory newNotFoundError = abi.encodeWithSignature(
                    "CheatcodeError(string)", string(abi.encodePacked("invalid rpc url: ", chainAlias))
                );
                bytes32 errHash = keccak256(err);
                if (
                    (errHash != keccak256(oldNotFoundError) && errHash != keccak256(newNotFoundError))
                        || bytes(chain.rpcUrl).length == 0
                ) {
                    /// @solidity memory-safe-assembly
                    assembly {
                        revert(add(32, err), mload(err))
                    }
                }
            }
        }
        return chain;
    }

    function setFallbackToDefaultRpcUrls(bool useDefault) internal {
        fallbackToDefaultRpcUrls = useDefault;
    }

    function initializeStdChains() private {
        if (stdChainsInitialized) return;

        stdChainsInitialized = true;

        // If adding an RPC here, make sure to test the default RPC URL in `test_Rpcs` in `StdChains.t.sol`
        setChainWithDefaultRpcUrl("anvil", ChainData("Anvil", 31337, "http://127.0.0.1:8545"));
        setChainWithDefaultRpcUrl("mainnet", ChainData("Mainnet", 1, "https://eth.llamarpc.com"));
        setChainWithDefaultRpcUrl(
            "sepolia", ChainData("Sepolia", 11155111, "https://sepolia.infura.io/v3/b9794ad1ddf84dfb8c34d6bb5dca2001")
        );
        setChainWithDefaultRpcUrl("holesky", ChainData("Holesky", 17000, "https://rpc.holesky.ethpandaops.io"));
        setChainWithDefaultRpcUrl("hoodi", ChainData("Hoodi", 560048, "https://rpc.hoodi.ethpandaops.io"));
        setChainWithDefaultRpcUrl("optimism", ChainData("Optimism", 10, "https://mainnet.optimism.io"));
        setChainWithDefaultRpcUrl(
            "optimism_sepolia", ChainData("Optimism Sepolia", 11155420, "https://sepolia.optimism.io")
        );
        setChainWithDefaultRpcUrl("arbitrum_one", ChainData("Arbitrum One", 42161, "https://arb1.arbitrum.io/rpc"));
        setChainWithDefaultRpcUrl(
            "arbitrum_one_sepolia", ChainData("Arbitrum One Sepolia", 421614, "https://sepolia-rollup.arbitrum.io/rpc")
        );
        setChainWithDefaultRpcUrl("arbitrum_nova", ChainData("Arbitrum Nova", 42170, "https://nova.arbitrum.io/rpc"));
        setChainWithDefaultRpcUrl("polygon", ChainData("Polygon", 137, "https://polygon-rpc.com"));
        setChainWithDefaultRpcUrl(
            "polygon_amoy", ChainData("Polygon Amoy", 80002, "https://rpc-amoy.polygon.technology")
        );
        setChainWithDefaultRpcUrl("avalanche", ChainData("Avalanche", 43114, "https://api.avax.network/ext/bc/C/rpc"));
        setChainWithDefaultRpcUrl(
            "avalanche_fuji", ChainData("Avalanche Fuji", 43113, "https://api.avax-test.network/ext/bc/C/rpc")
        );
        setChainWithDefaultRpcUrl(
            "bnb_smart_chain", ChainData("BNB Smart Chain", 56, "https://bsc-dataseed1.binance.org")
        );
        setChainWithDefaultRpcUrl(
            "bnb_smart_chain_testnet",
            ChainData("BNB Smart Chain Testnet", 97, "https://rpc.ankr.com/bsc_testnet_chapel")
        );
        setChainWithDefaultRpcUrl("gnosis_chain", ChainData("Gnosis Chain", 100, "https://rpc.gnosischain.com"));
        setChainWithDefaultRpcUrl("moonbeam", ChainData("Moonbeam", 1284, "https://rpc.api.moonbeam.network"));
        setChainWithDefaultRpcUrl(
            "moonriver", ChainData("Moonriver", 1285, "https://rpc.api.moonriver.moonbeam.network")
        );
        setChainWithDefaultRpcUrl("moonbase", ChainData("Moonbase", 1287, "https://rpc.testnet.moonbeam.network"));
        setChainWithDefaultRpcUrl("base_sepolia", ChainData("Base Sepolia", 84532, "https://sepolia.base.org"));
        setChainWithDefaultRpcUrl("base", ChainData("Base", 8453, "https://mainnet.base.org"));
        setChainWithDefaultRpcUrl("blast_sepolia", ChainData("Blast Sepolia", 168587773, "https://sepolia.blast.io"));
        setChainWithDefaultRpcUrl("blast", ChainData("Blast", 81457, "https://rpc.blast.io"));
        setChainWithDefaultRpcUrl("fantom_opera", ChainData("Fantom Opera", 250, "https://rpc.ankr.com/fantom/"));
        setChainWithDefaultRpcUrl(
            "fantom_opera_testnet", ChainData("Fantom Opera Testnet", 4002, "https://rpc.ankr.com/fantom_testnet/")
        );
        setChainWithDefaultRpcUrl("fraxtal", ChainData("Fraxtal", 252, "https://rpc.frax.com"));
        setChainWithDefaultRpcUrl("fraxtal_testnet", ChainData("Fraxtal Testnet", 2522, "https://rpc.testnet.frax.com"));
        setChainWithDefaultRpcUrl(
            "berachain_bartio_testnet", ChainData("Berachain bArtio Testnet", 80084, "https://bartio.rpc.berachain.com")
        );
        setChainWithDefaultRpcUrl("flare", ChainData("Flare", 14, "https://flare-api.flare.network/ext/C/rpc"));
        setChainWithDefaultRpcUrl(
            "flare_coston2", ChainData("Flare Coston2", 114, "https://coston2-api.flare.network/ext/C/rpc")
        );

        setChainWithDefaultRpcUrl("mode", ChainData("Mode", 34443, "https://mode.drpc.org"));
        setChainWithDefaultRpcUrl("mode_sepolia", ChainData("Mode Sepolia", 919, "https://sepolia.mode.network"));

        setChainWithDefaultRpcUrl("zora", ChainData("Zora", 7777777, "https://zora.drpc.org"));
        setChainWithDefaultRpcUrl(
            "zora_sepolia", ChainData("Zora Sepolia", 999999999, "https://sepolia.rpc.zora.energy")
        );

        setChainWithDefaultRpcUrl("race", ChainData("Race", 6805, "https://racemainnet.io"));
        setChainWithDefaultRpcUrl("race_sepolia", ChainData("Race Sepolia", 6806, "https://racemainnet.io"));

        setChainWithDefaultRpcUrl("metal", ChainData("Metal", 1750, "https://metall2.drpc.org"));
        setChainWithDefaultRpcUrl("metal_sepolia", ChainData("Metal Sepolia", 1740, "https://testnet.rpc.metall2.com"));

        setChainWithDefaultRpcUrl("binary", ChainData("Binary", 624, "https://rpc.zero.thebinaryholdings.com"));
        setChainWithDefaultRpcUrl(
            "binary_sepolia", ChainData("Binary Sepolia", 625, "https://rpc.zero.thebinaryholdings.com")
        );

        setChainWithDefaultRpcUrl("orderly", ChainData("Orderly", 291, "https://rpc.orderly.network"));
        setChainWithDefaultRpcUrl(
            "orderly_sepolia", ChainData("Orderly Sepolia", 4460, "https://testnet-rpc.orderly.org")
        );
    }

    // set chain info, with priority to chainAlias' rpc url in foundry.toml
    function setChainWithDefaultRpcUrl(string memory chainAlias, ChainData memory chain) private {
        string memory rpcUrl = chain.rpcUrl;
        defaultRpcUrls[chainAlias] = rpcUrl;
        chain.rpcUrl = "";
        setChain(chainAlias, chain);
        chain.rpcUrl = rpcUrl; // restore argument
    }
}

10% lib/forge-std/src/StdCheats.sol

Lines covered: 6 / 55 (10%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

pragma experimental ABIEncoderV2;

import {StdStorage, stdStorage} from "./StdStorage.sol";
import {console2} from "./console2.sol";
import {Vm} from "./Vm.sol";

abstract contract StdCheatsSafe {
    Vm private constant vm = Vm(address(uint160(uint256(keccak256("hevm cheat code")))));

    uint256 private constant UINT256_MAX =
        115792089237316195423570985008687907853269984665640564039457584007913129639935;

    bool private gasMeteringOff;

    // Data structures to parse Transaction objects from the broadcast artifact
    // that conform to EIP1559. The Raw structs is what is parsed from the JSON
    // and then converted to the one that is used by the user for better UX.

    struct RawTx1559 {
        string[] arguments;
        address contractAddress;
        string contractName;
        // json value name = function
        string functionSig;
        bytes32 hash;
        // json value name = tx
        RawTx1559Detail txDetail;
        // json value name = type
        string opcode;
    }

    struct RawTx1559Detail {
        AccessList[] accessList;
        bytes data;
        address from;
        bytes gas;
        bytes nonce;
        address to;
        bytes txType;
        bytes value;
    }

    struct Tx1559 {
        string[] arguments;
        address contractAddress;
        string contractName;
        string functionSig;
        bytes32 hash;
        Tx1559Detail txDetail;
        string opcode;
    }

    struct Tx1559Detail {
        AccessList[] accessList;
        bytes data;
        address from;
        uint256 gas;
        uint256 nonce;
        address to;
        uint256 txType;
        uint256 value;
    }

    // Data structures to parse Transaction objects from the broadcast artifact
    // that DO NOT conform to EIP1559. The Raw structs is what is parsed from the JSON
    // and then converted to the one that is used by the user for better UX.

    struct TxLegacy {
        string[] arguments;
        address contractAddress;
        string contractName;
        string functionSig;
        string hash;
        string opcode;
        TxDetailLegacy transaction;
    }

    struct TxDetailLegacy {
        AccessList[] accessList;
        uint256 chainId;
        bytes data;
        address from;
        uint256 gas;
        uint256 gasPrice;
        bytes32 hash;
        uint256 nonce;
        bytes1 opcode;
        bytes32 r;
        bytes32 s;
        uint256 txType;
        address to;
        uint8 v;
        uint256 value;
    }

    struct AccessList {
        address accessAddress;
        bytes32[] storageKeys;
    }

    // Data structures to parse Receipt objects from the broadcast artifact.
    // The Raw structs is what is parsed from the JSON
    // and then converted to the one that is used by the user for better UX.

    struct RawReceipt {
        bytes32 blockHash;
        bytes blockNumber;
        address contractAddress;
        bytes cumulativeGasUsed;
        bytes effectiveGasPrice;
        address from;
        bytes gasUsed;
        RawReceiptLog[] logs;
        bytes logsBloom;
        bytes status;
        address to;
        bytes32 transactionHash;
        bytes transactionIndex;
    }

    struct Receipt {
        bytes32 blockHash;
        uint256 blockNumber;
        address contractAddress;
        uint256 cumulativeGasUsed;
        uint256 effectiveGasPrice;
        address from;
        uint256 gasUsed;
        ReceiptLog[] logs;
        bytes logsBloom;
        uint256 status;
        address to;
        bytes32 transactionHash;
        uint256 transactionIndex;
    }

    // Data structures to parse the entire broadcast artifact, assuming the
    // transactions conform to EIP1559.

    struct EIP1559ScriptArtifact {
        string[] libraries;
        string path;
        string[] pending;
        Receipt[] receipts;
        uint256 timestamp;
        Tx1559[] transactions;
        TxReturn[] txReturns;
    }

    struct RawEIP1559ScriptArtifact {
        string[] libraries;
        string path;
        string[] pending;
        RawReceipt[] receipts;
        TxReturn[] txReturns;
        uint256 timestamp;
        RawTx1559[] transactions;
    }

    struct RawReceiptLog {
        // json value = address
        address logAddress;
        bytes32 blockHash;
        bytes blockNumber;
        bytes data;
        bytes logIndex;
        bool removed;
        bytes32[] topics;
        bytes32 transactionHash;
        bytes transactionIndex;
        bytes transactionLogIndex;
    }

    struct ReceiptLog {
        // json value = address
        address logAddress;
        bytes32 blockHash;
        uint256 blockNumber;
        bytes data;
        uint256 logIndex;
        bytes32[] topics;
        uint256 transactionIndex;
        uint256 transactionLogIndex;
        bool removed;
    }

    struct TxReturn {
        string internalType;
        string value;
    }

    struct Account {
        address addr;
        uint256 key;
    }

    enum AddressType {
        Payable,
        NonPayable,
        ZeroAddress,
        Precompile,
        ForgeAddress
    }

    // Checks that `addr` is not blacklisted by token contracts that have a blacklist.
    function assumeNotBlacklisted(address token, address addr) internal view virtual {
        // Nothing to check if `token` is not a contract.
        uint256 tokenCodeSize;
        assembly {
            tokenCodeSize := extcodesize(token)
        }
        require(tokenCodeSize > 0, "StdCheats assumeNotBlacklisted(address,address): Token address is not a contract.");

        bool success;
        bytes memory returnData;

        // 4-byte selector for `isBlacklisted(address)`, used by USDC.
        (success, returnData) = token.staticcall(abi.encodeWithSelector(0xfe575a87, addr));
        vm.assume(!success || abi.decode(returnData, (bool)) == false);

        // 4-byte selector for `isBlackListed(address)`, used by USDT.
        (success, returnData) = token.staticcall(abi.encodeWithSelector(0xe47d6060, addr));
        vm.assume(!success || abi.decode(returnData, (bool)) == false);
    }

    // Checks that `addr` is not blacklisted by token contracts that have a blacklist.
    // This is identical to `assumeNotBlacklisted(address,address)` but with a different name, for
    // backwards compatibility, since this name was used in the original PR which already has
    // a release. This function can be removed in a future release once we want a breaking change.
    function assumeNoBlacklisted(address token, address addr) internal view virtual {
        assumeNotBlacklisted(token, addr);
    }

    function assumeAddressIsNot(address addr, AddressType addressType) internal virtual {
        if (addressType == AddressType.Payable) {
            assumeNotPayable(addr);
        } else if (addressType == AddressType.NonPayable) {
            assumePayable(addr);
        } else if (addressType == AddressType.ZeroAddress) {
            assumeNotZeroAddress(addr);
        } else if (addressType == AddressType.Precompile) {
            assumeNotPrecompile(addr);
        } else if (addressType == AddressType.ForgeAddress) {
            assumeNotForgeAddress(addr);
        }
    }

    function assumeAddressIsNot(address addr, AddressType addressType1, AddressType addressType2) internal virtual {
        assumeAddressIsNot(addr, addressType1);
        assumeAddressIsNot(addr, addressType2);
    }

    function assumeAddressIsNot(
        address addr,
        AddressType addressType1,
        AddressType addressType2,
        AddressType addressType3
    ) internal virtual {
        assumeAddressIsNot(addr, addressType1);
        assumeAddressIsNot(addr, addressType2);
        assumeAddressIsNot(addr, addressType3);
    }

    function assumeAddressIsNot(
        address addr,
        AddressType addressType1,
        AddressType addressType2,
        AddressType addressType3,
        AddressType addressType4
    ) internal virtual {
        assumeAddressIsNot(addr, addressType1);
        assumeAddressIsNot(addr, addressType2);
        assumeAddressIsNot(addr, addressType3);
        assumeAddressIsNot(addr, addressType4);
    }

    // This function checks whether an address, `addr`, is payable. It works by sending 1 wei to
    // `addr` and checking the `success` return value.
    // NOTE: This function may result in state changes depending on the fallback/receive logic
    // implemented by `addr`, which should be taken into account when this function is used.
    function _isPayable(address addr) private returns (bool) {
        require(
            addr.balance < UINT256_MAX,
            "StdCheats _isPayable(address): Balance equals max uint256, so it cannot receive any more funds"
        );
        uint256 origBalanceTest = address(this).balance;
        uint256 origBalanceAddr = address(addr).balance;

        vm.deal(address(this), 1);
        (bool success,) = payable(addr).call{value: 1}("");

        // reset balances
        vm.deal(address(this), origBalanceTest);
        vm.deal(addr, origBalanceAddr);

        return success;
    }

    // NOTE: This function may result in state changes depending on the fallback/receive logic
    // implemented by `addr`, which should be taken into account when this function is used. See the
    // `_isPayable` method for more information.
    function assumePayable(address addr) internal virtual {
        vm.assume(_isPayable(addr));
    }

    function assumeNotPayable(address addr) internal virtual {
        vm.assume(!_isPayable(addr));
    }

    function assumeNotZeroAddress(address addr) internal pure virtual {
        vm.assume(addr != address(0));
    }

    function assumeNotPrecompile(address addr) internal pure virtual {
        assumeNotPrecompile(addr, _pureChainId());
    }

    function assumeNotPrecompile(address addr, uint256 chainId) internal pure virtual {
        // Note: For some chains like Optimism these are technically predeploys (i.e. bytecode placed at a specific
        // address), but the same rationale for excluding them applies so we include those too.

        // These are reserved by Ethereum and may be on all EVM-compatible chains.
        vm.assume(addr < address(0x1) || addr > address(0xff));

        // forgefmt: disable-start
        if (chainId == 10 || chainId == 420) {
            // https://github.com/ethereum-optimism/optimism/blob/eaa371a0184b56b7ca6d9eb9cb0a2b78b2ccd864/op-bindings/predeploys/addresses.go#L6-L21
            vm.assume(addr < address(0x4200000000000000000000000000000000000000) || addr > address(0x4200000000000000000000000000000000000800));
        } else if (chainId == 42161 || chainId == 421613) {
            // https://developer.arbitrum.io/useful-addresses#arbitrum-precompiles-l2-same-on-all-arb-chains
            vm.assume(addr < address(0x0000000000000000000000000000000000000064) || addr > address(0x0000000000000000000000000000000000000068));
        } else if (chainId == 43114 || chainId == 43113) {
            // https://github.com/ava-labs/subnet-evm/blob/47c03fd007ecaa6de2c52ea081596e0a88401f58/precompile/params.go#L18-L59
            vm.assume(addr < address(0x0100000000000000000000000000000000000000) || addr > address(0x01000000000000000000000000000000000000ff));
            vm.assume(addr < address(0x0200000000000000000000000000000000000000) || addr > address(0x02000000000000000000000000000000000000FF));
            vm.assume(addr < address(0x0300000000000000000000000000000000000000) || addr > address(0x03000000000000000000000000000000000000Ff));
        }
        // forgefmt: disable-end
    }

    function assumeNotForgeAddress(address addr) internal pure virtual {
        // vm, console, and Create2Deployer addresses
        vm.assume(
            addr != address(vm) && addr != 0x000000000000000000636F6e736F6c652e6c6f67
                && addr != 0x4e59b44847b379578588920cA78FbF26c0B4956C
        );
    }

    function assumeUnusedAddress(address addr) internal view virtual {
        uint256 size;
        assembly {
            size := extcodesize(addr)
        }
        vm.assume(size == 0);

        assumeNotPrecompile(addr);
        assumeNotZeroAddress(addr);
        assumeNotForgeAddress(addr);
    }

    function readEIP1559ScriptArtifact(string memory path)
        internal
        view
        virtual
        returns (EIP1559ScriptArtifact memory)
    {
        string memory data = vm.readFile(path);
        bytes memory parsedData = vm.parseJson(data);
        RawEIP1559ScriptArtifact memory rawArtifact = abi.decode(parsedData, (RawEIP1559ScriptArtifact));
        EIP1559ScriptArtifact memory artifact;
        artifact.libraries = rawArtifact.libraries;
        artifact.path = rawArtifact.path;
        artifact.timestamp = rawArtifact.timestamp;
        artifact.pending = rawArtifact.pending;
        artifact.txReturns = rawArtifact.txReturns;
        artifact.receipts = rawToConvertedReceipts(rawArtifact.receipts);
        artifact.transactions = rawToConvertedEIPTx1559s(rawArtifact.transactions);
        return artifact;
    }

    function rawToConvertedEIPTx1559s(RawTx1559[] memory rawTxs) internal pure virtual returns (Tx1559[] memory) {
        Tx1559[] memory txs = new Tx1559[](rawTxs.length);
        for (uint256 i; i < rawTxs.length; i++) {
            txs[i] = rawToConvertedEIPTx1559(rawTxs[i]);
        }
        return txs;
    }

    function rawToConvertedEIPTx1559(RawTx1559 memory rawTx) internal pure virtual returns (Tx1559 memory) {
        Tx1559 memory transaction;
        transaction.arguments = rawTx.arguments;
        transaction.contractName = rawTx.contractName;
        transaction.functionSig = rawTx.functionSig;
        transaction.hash = rawTx.hash;
        transaction.txDetail = rawToConvertedEIP1559Detail(rawTx.txDetail);
        transaction.opcode = rawTx.opcode;
        return transaction;
    }

    function rawToConvertedEIP1559Detail(RawTx1559Detail memory rawDetail)
        internal
        pure
        virtual
        returns (Tx1559Detail memory)
    {
        Tx1559Detail memory txDetail;
        txDetail.data = rawDetail.data;
        txDetail.from = rawDetail.from;
        txDetail.to = rawDetail.to;
        txDetail.nonce = _bytesToUint(rawDetail.nonce);
        txDetail.txType = _bytesToUint(rawDetail.txType);
        txDetail.value = _bytesToUint(rawDetail.value);
        txDetail.gas = _bytesToUint(rawDetail.gas);
        txDetail.accessList = rawDetail.accessList;
        return txDetail;
    }

    function readTx1559s(string memory path) internal view virtual returns (Tx1559[] memory) {
        string memory deployData = vm.readFile(path);
        bytes memory parsedDeployData = vm.parseJson(deployData, ".transactions");
        RawTx1559[] memory rawTxs = abi.decode(parsedDeployData, (RawTx1559[]));
        return rawToConvertedEIPTx1559s(rawTxs);
    }

    function readTx1559(string memory path, uint256 index) internal view virtual returns (Tx1559 memory) {
        string memory deployData = vm.readFile(path);
        string memory key = string(abi.encodePacked(".transactions[", vm.toString(index), "]"));
        bytes memory parsedDeployData = vm.parseJson(deployData, key);
        RawTx1559 memory rawTx = abi.decode(parsedDeployData, (RawTx1559));
        return rawToConvertedEIPTx1559(rawTx);
    }

    // Analogous to readTransactions, but for receipts.
    function readReceipts(string memory path) internal view virtual returns (Receipt[] memory) {
        string memory deployData = vm.readFile(path);
        bytes memory parsedDeployData = vm.parseJson(deployData, ".receipts");
        RawReceipt[] memory rawReceipts = abi.decode(parsedDeployData, (RawReceipt[]));
        return rawToConvertedReceipts(rawReceipts);
    }

    function readReceipt(string memory path, uint256 index) internal view virtual returns (Receipt memory) {
        string memory deployData = vm.readFile(path);
        string memory key = string(abi.encodePacked(".receipts[", vm.toString(index), "]"));
        bytes memory parsedDeployData = vm.parseJson(deployData, key);
        RawReceipt memory rawReceipt = abi.decode(parsedDeployData, (RawReceipt));
        return rawToConvertedReceipt(rawReceipt);
    }

    function rawToConvertedReceipts(RawReceipt[] memory rawReceipts) internal pure virtual returns (Receipt[] memory) {
        Receipt[] memory receipts = new Receipt[](rawReceipts.length);
        for (uint256 i; i < rawReceipts.length; i++) {
            receipts[i] = rawToConvertedReceipt(rawReceipts[i]);
        }
        return receipts;
    }

    function rawToConvertedReceipt(RawReceipt memory rawReceipt) internal pure virtual returns (Receipt memory) {
        Receipt memory receipt;
        receipt.blockHash = rawReceipt.blockHash;
        receipt.to = rawReceipt.to;
        receipt.from = rawReceipt.from;
        receipt.contractAddress = rawReceipt.contractAddress;
        receipt.effectiveGasPrice = _bytesToUint(rawReceipt.effectiveGasPrice);
        receipt.cumulativeGasUsed = _bytesToUint(rawReceipt.cumulativeGasUsed);
        receipt.gasUsed = _bytesToUint(rawReceipt.gasUsed);
        receipt.status = _bytesToUint(rawReceipt.status);
        receipt.transactionIndex = _bytesToUint(rawReceipt.transactionIndex);
        receipt.blockNumber = _bytesToUint(rawReceipt.blockNumber);
        receipt.logs = rawToConvertedReceiptLogs(rawReceipt.logs);
        receipt.logsBloom = rawReceipt.logsBloom;
        receipt.transactionHash = rawReceipt.transactionHash;
        return receipt;
    }

    function rawToConvertedReceiptLogs(RawReceiptLog[] memory rawLogs)
        internal
        pure
        virtual
        returns (ReceiptLog[] memory)
    {
        ReceiptLog[] memory logs = new ReceiptLog[](rawLogs.length);
        for (uint256 i; i < rawLogs.length; i++) {
            logs[i].logAddress = rawLogs[i].logAddress;
            logs[i].blockHash = rawLogs[i].blockHash;
            logs[i].blockNumber = _bytesToUint(rawLogs[i].blockNumber);
            logs[i].data = rawLogs[i].data;
            logs[i].logIndex = _bytesToUint(rawLogs[i].logIndex);
            logs[i].topics = rawLogs[i].topics;
            logs[i].transactionIndex = _bytesToUint(rawLogs[i].transactionIndex);
            logs[i].transactionLogIndex = _bytesToUint(rawLogs[i].transactionLogIndex);
            logs[i].removed = rawLogs[i].removed;
        }
        return logs;
    }

    // Deploy a contract by fetching the contract bytecode from
    // the artifacts directory
    // e.g. `deployCode(code, abi.encode(arg1,arg2,arg3))`
    function deployCode(string memory what, bytes memory args) internal virtual returns (address addr) {
        bytes memory bytecode = abi.encodePacked(vm.getCode(what), args);
        /// @solidity memory-safe-assembly
        assembly {
            addr := create(0, add(bytecode, 0x20), mload(bytecode))
        }

        require(addr != address(0), "StdCheats deployCode(string,bytes): Deployment failed.");
    }

    function deployCode(string memory what) internal virtual returns (address addr) {
        bytes memory bytecode = vm.getCode(what);
        /// @solidity memory-safe-assembly
        assembly {
            addr := create(0, add(bytecode, 0x20), mload(bytecode))
        }

        require(addr != address(0), "StdCheats deployCode(string): Deployment failed.");
    }

    /// @dev deploy contract with value on construction
    function deployCode(string memory what, bytes memory args, uint256 val) internal virtual returns (address addr) {
        bytes memory bytecode = abi.encodePacked(vm.getCode(what), args);
        /// @solidity memory-safe-assembly
        assembly {
            addr := create(val, add(bytecode, 0x20), mload(bytecode))
        }

        require(addr != address(0), "StdCheats deployCode(string,bytes,uint256): Deployment failed.");
    }

    function deployCode(string memory what, uint256 val) internal virtual returns (address addr) {
        bytes memory bytecode = vm.getCode(what);
        /// @solidity memory-safe-assembly
        assembly {
            addr := create(val, add(bytecode, 0x20), mload(bytecode))
        }

        require(addr != address(0), "StdCheats deployCode(string,uint256): Deployment failed.");
    }

    // creates a labeled address and the corresponding private key
    function makeAddrAndKey(string memory name) internal virtual returns (address addr, uint256 privateKey) {
        privateKey = uint256(keccak256(abi.encodePacked(name)));
        addr = vm.addr(privateKey);
        vm.label(addr, name);
    }

    // creates a labeled address
    function makeAddr(string memory name) internal virtual returns (address addr) {
        (addr,) = makeAddrAndKey(name);
    }

    // Destroys an account immediately, sending the balance to beneficiary.
    // Destroying means: balance will be zero, code will be empty, and nonce will be 0
    // This is similar to selfdestruct but not identical: selfdestruct destroys code and nonce
    // only after tx ends, this will run immediately.
    function destroyAccount(address who, address beneficiary) internal virtual {
        uint256 currBalance = who.balance;
        vm.etch(who, abi.encode());
        vm.deal(who, 0);
        vm.resetNonce(who);

        uint256 beneficiaryBalance = beneficiary.balance;
        vm.deal(beneficiary, currBalance + beneficiaryBalance);
    }

    // creates a struct containing both a labeled address and the corresponding private key
    function makeAccount(string memory name) internal virtual returns (Account memory account) {
        (account.addr, account.key) = makeAddrAndKey(name);
    }

    function deriveRememberKey(string memory mnemonic, uint32 index)
        internal
        virtual
        returns (address who, uint256 privateKey)
    {
        privateKey = vm.deriveKey(mnemonic, index);
        who = vm.rememberKey(privateKey);
    }

    function _bytesToUint(bytes memory b) private pure returns (uint256) {
        require(b.length <= 32, "StdCheats _bytesToUint(bytes): Bytes length exceeds 32.");
        return abi.decode(abi.encodePacked(new bytes(32 - b.length), b), (uint256));
    }

    function isFork() internal view virtual returns (bool status) {
        try vm.activeFork() {
            status = true;
        } catch (bytes memory) {}
    }

    modifier skipWhenForking() {
        if (!isFork()) {
            _;
        }
    }

    modifier skipWhenNotForking() {
        if (isFork()) {
            _;
        }
    }

    modifier noGasMetering() {
        vm.pauseGasMetering();
        // To prevent turning gas monitoring back on with nested functions that use this modifier,
        // we check if gasMetering started in the off position. If it did, we don't want to turn
        // it back on until we exit the top level function that used the modifier
        //
        // i.e. funcA() noGasMetering { funcB() }, where funcB has noGasMetering as well.
        // funcA will have `gasStartedOff` as false, funcB will have it as true,
        // so we only turn metering back on at the end of the funcA
        bool gasStartedOff = gasMeteringOff;
        gasMeteringOff = true;

        _;

        // if gas metering was on when this modifier was called, turn it back on at the end
        if (!gasStartedOff) {
            gasMeteringOff = false;
            vm.resumeGasMetering();
        }
    }

    // We use this complex approach of `_viewChainId` and `_pureChainId` to ensure there are no
    // compiler warnings when accessing chain ID in any solidity version supported by forge-std. We
    // can't simply access the chain ID in a normal view or pure function because the solc View Pure
    // Checker changed `chainid` from pure to view in 0.8.0.
    function _viewChainId() private view returns (uint256 chainId) {
        // Assembly required since `block.chainid` was introduced in 0.8.0.
        assembly {
            chainId := chainid()
        }

        address(this); // Silence warnings in older Solc versions.
    }

    function _pureChainId() private pure returns (uint256 chainId) {
        function() internal view returns (uint256) fnIn = _viewChainId;
        function() internal pure returns (uint256) pureChainId;
        assembly {
            pureChainId := fnIn
        }
        chainId = pureChainId();
    }
}

// Wrappers around cheatcodes to avoid footguns
abstract contract StdCheats is StdCheatsSafe {
    using stdStorage for StdStorage;

    StdStorage private stdstore;
    Vm private constant vm = Vm(address(uint160(uint256(keccak256("hevm cheat code")))));
    address private constant CONSOLE2_ADDRESS = 0x000000000000000000636F6e736F6c652e6c6f67;

    // Skip forward or rewind time by the specified number of seconds
    function skip(uint256 time) internal virtual {
        vm.warp(vm.getBlockTimestamp() + time);
    }

    function rewind(uint256 time) internal virtual {
        vm.warp(vm.getBlockTimestamp() - time);
    }

    // Setup a prank from an address that has some ether
    function hoax(address msgSender) internal virtual {
        vm.deal(msgSender, 1 << 128);
        vm.prank(msgSender);
    }

    function hoax(address msgSender, uint256 give) internal virtual {
        vm.deal(msgSender, give);
        vm.prank(msgSender);
    }

    function hoax(address msgSender, address origin) internal virtual {
        vm.deal(msgSender, 1 << 128);
        vm.prank(msgSender, origin);
    }

    function hoax(address msgSender, address origin, uint256 give) internal virtual {
        vm.deal(msgSender, give);
        vm.prank(msgSender, origin);
    }

    // Start perpetual prank from an address that has some ether
    function startHoax(address msgSender) internal virtual {
        vm.deal(msgSender, 1 << 128);
        vm.startPrank(msgSender);
    }

    function startHoax(address msgSender, uint256 give) internal virtual {
        vm.deal(msgSender, give);
        vm.startPrank(msgSender);
    }

    // Start perpetual prank from an address that has some ether
    // tx.origin is set to the origin parameter
    function startHoax(address msgSender, address origin) internal virtual {
        vm.deal(msgSender, 1 << 128);
        vm.startPrank(msgSender, origin);
    }

    function startHoax(address msgSender, address origin, uint256 give) internal virtual {
        vm.deal(msgSender, give);
        vm.startPrank(msgSender, origin);
    }

    function changePrank(address msgSender) internal virtual {
        console2_log_StdCheats("changePrank is deprecated. Please use vm.startPrank instead.");
        vm.stopPrank();
        vm.startPrank(msgSender);
    }

    function changePrank(address msgSender, address txOrigin) internal virtual {
        vm.stopPrank();
        vm.startPrank(msgSender, txOrigin);
    }

    // The same as Vm's `deal`
    // Use the alternative signature for ERC20 tokens
    function deal(address to, uint256 give) internal virtual {
        vm.deal(to, give);
    }

    // Set the balance of an account for any ERC20 token
    // Use the alternative signature to update `totalSupply`
    function deal(address token, address to, uint256 give) internal virtual {
        deal(token, to, give, false);
    }

    // Set the balance of an account for any ERC1155 token
    // Use the alternative signature to update `totalSupply`
    function dealERC1155(address token, address to, uint256 id, uint256 give) internal virtual {
        dealERC1155(token, to, id, give, false);
    }

    function deal(address token, address to, uint256 give, bool adjust) internal virtual {
        // get current balance
        (, bytes memory balData) = token.staticcall(abi.encodeWithSelector(0x70a08231, to));
        uint256 prevBal = abi.decode(balData, (uint256));

        // update balance
        stdstore.target(token).sig(0x70a08231).with_key(to).checked_write(give);

        // update total supply
        if (adjust) {
            (, bytes memory totSupData) = token.staticcall(abi.encodeWithSelector(0x18160ddd));
            uint256 totSup = abi.decode(totSupData, (uint256));
            if (give < prevBal) {
                totSup -= (prevBal - give);
            } else {
                totSup += (give - prevBal);
            }
            stdstore.target(token).sig(0x18160ddd).checked_write(totSup);
        }
    }

    function dealERC1155(address token, address to, uint256 id, uint256 give, bool adjust) internal virtual {
        // get current balance
        (, bytes memory balData) = token.staticcall(abi.encodeWithSelector(0x00fdd58e, to, id));
        uint256 prevBal = abi.decode(balData, (uint256));

        // update balance
        stdstore.target(token).sig(0x00fdd58e).with_key(to).with_key(id).checked_write(give);

        // update total supply
        if (adjust) {
            (, bytes memory totSupData) = token.staticcall(abi.encodeWithSelector(0xbd85b039, id));
            require(
                totSupData.length != 0,
                "StdCheats deal(address,address,uint,uint,bool): target contract is not ERC1155Supply."
            );
            uint256 totSup = abi.decode(totSupData, (uint256));
            if (give < prevBal) {
                totSup -= (prevBal - give);
            } else {
                totSup += (give - prevBal);
            }
            stdstore.target(token).sig(0xbd85b039).with_key(id).checked_write(totSup);
        }
    }

    function dealERC721(address token, address to, uint256 id) internal virtual {
        // check if token id is already minted and the actual owner.
        (bool successMinted, bytes memory ownerData) = token.staticcall(abi.encodeWithSelector(0x6352211e, id));
        require(successMinted, "StdCheats deal(address,address,uint,bool): id not minted.");

        // get owner current balance
        (, bytes memory fromBalData) =
            token.staticcall(abi.encodeWithSelector(0x70a08231, abi.decode(ownerData, (address))));
        uint256 fromPrevBal = abi.decode(fromBalData, (uint256));

        // get new user current balance
        (, bytes memory toBalData) = token.staticcall(abi.encodeWithSelector(0x70a08231, to));
        uint256 toPrevBal = abi.decode(toBalData, (uint256));

        // update balances
        stdstore.target(token).sig(0x70a08231).with_key(abi.decode(ownerData, (address))).checked_write(--fromPrevBal);
        stdstore.target(token).sig(0x70a08231).with_key(to).checked_write(++toPrevBal);

        // update owner
        stdstore.target(token).sig(0x6352211e).with_key(id).checked_write(to);
    }

    function deployCodeTo(string memory what, address where) internal virtual {
        deployCodeTo(what, "", 0, where);
    }

    function deployCodeTo(string memory what, bytes memory args, address where) internal virtual {
        deployCodeTo(what, args, 0, where);
    }

    function deployCodeTo(string memory what, bytes memory args, uint256 value, address where) internal virtual {
        bytes memory creationCode = vm.getCode(what);
        vm.etch(where, abi.encodePacked(creationCode, args));
        (bool success, bytes memory runtimeBytecode) = where.call{value: value}("");
        require(success, "StdCheats deployCodeTo(string,bytes,uint256,address): Failed to create runtime bytecode.");
        vm.etch(where, runtimeBytecode);
    }

    // Used to prevent the compilation of console, which shortens the compilation time when console is not used elsewhere.
    function console2_log_StdCheats(string memory p0) private view {
        (bool status,) = address(CONSOLE2_ADDRESS).staticcall(abi.encodeWithSignature("log(string)", p0));
        status;
    }
}

17% lib/forge-std/src/StdInvariant.sol

Lines covered: 4 / 23 (17%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

pragma experimental ABIEncoderV2;

abstract contract StdInvariant {
    struct FuzzSelector {
        address addr;
        bytes4[] selectors;
    }

    struct FuzzArtifactSelector {
        string artifact;
        bytes4[] selectors;
    }

    struct FuzzInterface {
        address addr;
        string[] artifacts;
    }

    address[] private _excludedContracts;
    address[] private _excludedSenders;
    address[] private _targetedContracts;
    address[] private _targetedSenders;

    string[] private _excludedArtifacts;
    string[] private _targetedArtifacts;

    FuzzArtifactSelector[] private _targetedArtifactSelectors;

    FuzzSelector[] private _excludedSelectors;
    FuzzSelector[] private _targetedSelectors;

    FuzzInterface[] private _targetedInterfaces;

    // Functions for users:
    // These are intended to be called in tests.

    function excludeContract(address newExcludedContract_) internal {
        _excludedContracts.push(newExcludedContract_);
    }

    function excludeSelector(FuzzSelector memory newExcludedSelector_) internal {
        _excludedSelectors.push(newExcludedSelector_);
    }

    function excludeSender(address newExcludedSender_) internal {
        _excludedSenders.push(newExcludedSender_);
    }

    function excludeArtifact(string memory newExcludedArtifact_) internal {
        _excludedArtifacts.push(newExcludedArtifact_);
    }

    function targetArtifact(string memory newTargetedArtifact_) internal {
        _targetedArtifacts.push(newTargetedArtifact_);
    }

    function targetArtifactSelector(FuzzArtifactSelector memory newTargetedArtifactSelector_) internal {
        _targetedArtifactSelectors.push(newTargetedArtifactSelector_);
    }

    function targetContract(address newTargetedContract_) internal {
        _targetedContracts.push(newTargetedContract_);
    }

    function targetSelector(FuzzSelector memory newTargetedSelector_) internal {
        _targetedSelectors.push(newTargetedSelector_);
    }

    function targetSender(address newTargetedSender_) internal {
        _targetedSenders.push(newTargetedSender_);
    }

    function targetInterface(FuzzInterface memory newTargetedInterface_) internal {
        _targetedInterfaces.push(newTargetedInterface_);
    }

    // Functions for forge:
    // These are called by forge to run invariant tests and don't need to be called in tests.

    function excludeArtifacts() public view returns (string[] memory excludedArtifacts_) {
        excludedArtifacts_ = _excludedArtifacts;
    }

    function excludeContracts() public view returns (address[] memory excludedContracts_) {
        excludedContracts_ = _excludedContracts;
    }

    function excludeSelectors() public view returns (FuzzSelector[] memory excludedSelectors_) {
        excludedSelectors_ = _excludedSelectors;
    }

    function excludeSenders() public view returns (address[] memory excludedSenders_) {
        excludedSenders_ = _excludedSenders;
    }

    function targetArtifacts() public view returns (string[] memory targetedArtifacts_) {
        targetedArtifacts_ = _targetedArtifacts;
    }

    function targetArtifactSelectors() public view returns (FuzzArtifactSelector[] memory targetedArtifactSelectors_) {
        targetedArtifactSelectors_ = _targetedArtifactSelectors;
    }

    function targetContracts() public view returns (address[] memory targetedContracts_) {
        targetedContracts_ = _targetedContracts;
    }

    function targetSelectors() public view returns (FuzzSelector[] memory targetedSelectors_) {
        targetedSelectors_ = _targetedSelectors;
    }

    function targetSenders() public view returns (address[] memory targetedSenders_) {
        targetedSenders_ = _targetedSenders;
    }

    function targetInterfaces() public view returns (FuzzInterface[] memory targetedInterfaces_) {
        targetedInterfaces_ = _targetedInterfaces;
    }
}

100% lib/forge-std/src/Test.sol

Lines covered: 1 / 1 (100%)

// SPDX-License-Identifier: MIT
pragma solidity >=0.6.2 <0.9.0;

pragma experimental ABIEncoderV2;

// 💬 ABOUT
// Forge Std's default Test.

// 🧩 MODULES
import {console} from "./console.sol";
import {console2} from "./console2.sol";
import {safeconsole} from "./safeconsole.sol";
import {StdAssertions} from "./StdAssertions.sol";
import {StdChains} from "./StdChains.sol";
import {StdCheats} from "./StdCheats.sol";
import {StdConstants} from "./StdConstants.sol";
import {stdError} from "./StdError.sol";
import {StdInvariant} from "./StdInvariant.sol";
import {stdJson} from "./StdJson.sol";
import {stdMath} from "./StdMath.sol";
import {StdStorage, stdStorage} from "./StdStorage.sol";
import {StdStyle} from "./StdStyle.sol";
import {stdToml} from "./StdToml.sol";
import {StdUtils} from "./StdUtils.sol";
import {Vm} from "./Vm.sol";

// 📦 BOILERPLATE
import {TestBase} from "./Base.sol";

// ⭐️ TEST
abstract contract Test is TestBase, StdAssertions, StdChains, StdCheats, StdInvariant, StdUtils {
    // Note: IS_TEST() must return true.
    bool public IS_TEST = true;
}

86% lib/setup-helpers/src/ActorManager.sol

Lines covered: 13 / 15 (86%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseSetup} from "@chimera/BaseSetup.sol";
import {vm} from "@chimera/Hevm.sol";
import {EnumerableSet} from "./EnumerableSet.sol";

/// @dev This is the source of truth for the actors being used in the test
/// @notice No actors should be used in the suite without being added here first
abstract contract ActorManager {
    using EnumerableSet for EnumerableSet.AddressSet;

    ///@notice The current actor being used
    address private _actor;

    ///@notice The list of all actors being used
    EnumerableSet.AddressSet private _actors;

    // If the current target is address(0) then it has not been setup yet and should revert
    error ActorNotSetup();
    // Do not allow duplicates
    error ActorExists();
    // If the actor does not exist
    error ActorNotAdded();
    // Do not allow the default actor
    error DefaultActor();

    /// @notice address(this) is the default actor
    constructor() {
        _actors.add(address(this));
        _actor = address(this);
    }

    /// @notice Returns the current active actor
    function _getActor() internal view returns (address) {
        return _actor;
    }

    /// @notice Returns all actors being used
    function _getActors() internal view returns (address[] memory) {
        return _actors.values();
    }

    /// @notice Adds an actor to the list of actors
    function _addActor(address target) internal {
        if (_actors.contains(target)) {
            revert ActorExists();
        }

        if (target == address(this)) {
            revert DefaultActor();
        }

        _actors.add(target);
    }

    /// @notice Removes an actor from the list of actors
    function _removeActor(address target) internal {
        if (!_actors.contains(target)) {
            revert ActorNotAdded();
        }

        if (target == address(this)) {
            revert DefaultActor();
        }

        _actors.remove(target);
    }

    /// @dev Expose this in the `TargetFunctions` contract to let the fuzzer switch actors
    ///   NOTE: We revert if the entropy is greater than the number of actors, for Halmos compatibility
    /// @dev This may reduce fuzzing performance if using multiple actors, if so add explicitly clamped handlers to ManagersTargets using the index of all added actors
    /// @notice Switches the current actor based on the entropy
    /// @param entropy The entropy to choose a random actor in the array for switching
    /// @return target The new active actor
    function _switchActor(uint256 entropy) internal returns (address target) {
        target = _actors.at(entropy);
        _actor = target;
    }
}

88% lib/setup-helpers/src/AssetManager.sol

Lines covered: 8 / 9 (88%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseSetup} from "@chimera/BaseSetup.sol";
import {vm} from "@chimera/Hevm.sol";

import {EnumerableSet} from "./EnumerableSet.sol";
import {MockERC20} from "./MockERC20.sol";

/// @dev Source of truth for the assets being used in the test
/// @notice No assets should be used in the suite without being added here first
abstract contract AssetManager {
    using EnumerableSet for EnumerableSet.AddressSet;

    /// @notice The current target for this set of variables
    address private __asset;

    /// @notice The list of all assets being used
    EnumerableSet.AddressSet private _assets;

    // If the current target is address(0) then it has not been setup yet and should revert
    error NotSetup();
    // Do not allow duplicates
    error Exists();
    // Enable only added assets
    error NotAdded();

    /// @notice Returns the current active asset
    function _getAsset() internal view returns (address) {
        if (__asset == address(0)) {
            revert NotSetup();
        }

        return __asset;
    }

    /// @notice Returns all assets being used
    function _getAssets() internal view returns (address[] memory) {
        return _assets.values();
    }

    /// @notice Creates a new asset and adds it to the list of assets
    /// @param decimals The number of decimals for the asset
    /// @return The address of the new asset
    function _newAsset(uint8 decimals) internal returns (address) {
        address asset_ = address(new MockERC20("Test Token", "TST", decimals)); // If names get confusing, concatenate the decimals to the name
        _addAsset(asset_);
        __asset = asset_; // sets the asset as the current asset
        return asset_;
    }

    /// @notice Adds an asset to the list of assets
    /// @param target The address of the asset to add
    function _addAsset(address target) internal {
        if (_assets.contains(target)) {
            revert Exists();
        }

        _assets.add(target);
    }

    /// @notice Removes an asset from the list of assets
    /// @param target The address of the asset to remove
    function _removeAsset(address target) internal {
        if (!_assets.contains(target)) {
            revert NotAdded();
        }

        _assets.remove(target);
    }

    /// @notice Switches the current asset based on the entropy
    ///   NOTE: We revert if the entropy is greater than the number of actors, for Halmos compatibility
    /// @param entropy The entropy to choose a random asset in the array for switching
    function _switchAsset(uint256 entropy) internal {
        address target = _assets.at(entropy);
        __asset = target;
    }

    /// === Approve & Mint Asset === ///

    /// @notice Mint initial balance and approve allowances for the active asset
    /// @param actorsArray The array of actors to mint the asset to
    /// @param approvalArray The array of addresses to approve the asset to
    /// @param amount The amount of the asset to mint
    function _finalizeAssetDeployment(address[] memory actorsArray, address[] memory approvalArray, uint256 amount)
        internal
    {
        _mintAssetToAllActors(actorsArray, amount);
        for (uint256 i; i < approvalArray.length; i++) {
            _approveAssetToAddressForAllActors(actorsArray, approvalArray[i]);
        }
    }

    /// @notice Mint the asset to all actors
    /// @param actorsArray The array of actors to mint the asset to
    /// @param amount The amount of the asset to mint
    function _mintAssetToAllActors(address[] memory actorsArray, uint256 amount) private {
        // mint all actors
        address[] memory assets = _getAssets();
        for (uint256 i; i < assets.length; i++) {
            for (uint256 j; j < actorsArray.length; j++) {
                vm.prank(actorsArray[j]);
                MockERC20(assets[i]).mint(actorsArray[j], amount);
            }
        }
    }

    /// @notice Approve the asset to all actors
    /// @param actorsArray The array of actors to approve the asset from
    /// @param addressToApprove The address to approve the asset to
    function _approveAssetToAddressForAllActors(address[] memory actorsArray, address addressToApprove) private {
        // approve to all actors
        address[] memory assets = _getAssets();
        for (uint256 i; i < assets.length; i++) {
            for (uint256 j; j < actorsArray.length; j++) {
                vm.prank(actorsArray[j]);
                MockERC20(assets[i]).approve(addressToApprove, type(uint256).max);
            }
        }
    }
}

90% lib/setup-helpers/src/EnumerableSet.sol

Lines covered: 19 / 21 (90%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.

pragma solidity ^0.8.0;

/**
 * @dev Library for managing
 * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
 * types.
 *
 * Sets have the following properties:
 *
 * - Elements are added, removed, and checked for existence in constant time
 * (O(1)).
 * - Elements are enumerated in O(n). No guarantees are made on the ordering.
 *
 * ```solidity
 * contract Example {
 *     // Add the library methods
 *     using EnumerableSet for EnumerableSet.AddressSet;
 *
 *     // Declare a set state variable
 *     EnumerableSet.AddressSet private mySet;
 * }
 * ```
 *
 * As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
 * and `uint256` (`UintSet`) are supported.
 *
 * [WARNING]
 * ====
 * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
 * unusable.
 * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
 *
 * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
 * array of EnumerableSet.
 * ====
 */
library EnumerableSet {
    // To implement this library for multiple types with as little code
    // repetition as possible, we write it in terms of a generic Set type with
    // bytes32 values.
    // The Set implementation uses private functions, and user-facing
    // implementations (such as AddressSet) are just wrappers around the
    // underlying Set.
    // This means that we can only create new EnumerableSets for types that fit
    // in bytes32.

    struct Set {
        // Storage of set values
        bytes32[] _values;
        // Position of the value in the `values` array, plus 1 because index 0
        // means a value is not in the set.
        mapping(bytes32 => uint256) _indexes;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function _add(Set storage set, bytes32 value) private returns (bool) {
        if (!_contains(set, value)) {
            set._values.push(value);
            // The value is stored at length-1, but we add 1 to all indexes
            // and use 0 as a sentinel value
            set._indexes[value] = set._values.length;
            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function _remove(Set storage set, bytes32 value) private returns (bool) {
        // We read and store the value's index to prevent multiple reads from the same storage slot
        uint256 valueIndex = set._indexes[value];

        if (valueIndex != 0) {
            // Equivalent to contains(set, value)
            // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
            // the array, and then remove the last element (sometimes called as 'swap and pop').
            // This modifies the order of the array, as noted in {at}.

            uint256 toDeleteIndex = valueIndex - 1;
            uint256 lastIndex = set._values.length - 1;

            if (lastIndex != toDeleteIndex) {
                bytes32 lastValue = set._values[lastIndex];

                // Move the last value to the index where the value to delete is
                set._values[toDeleteIndex] = lastValue;
                // Update the index for the moved value
                set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
            }

            // Delete the slot where the moved value was stored
            set._values.pop();

            // Delete the index for the deleted slot
            delete set._indexes[value];

            return true;
        } else {
            return false;
        }
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function _contains(Set storage set, bytes32 value) private view returns (bool) {
        return set._indexes[value] != 0;
    }

    /**
     * @dev Returns the number of values on the set. O(1).
     */
    function _length(Set storage set) private view returns (uint256) {
        return set._values.length;
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function _at(Set storage set, uint256 index) private view returns (bytes32) {
        return set._values[index];
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function _values(Set storage set) private view returns (bytes32[] memory) {
        return set._values;
    }

    // Bytes32Set

    struct Bytes32Set {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _add(set._inner, value);
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
        return _remove(set._inner, value);
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
        return _contains(set._inner, value);
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(Bytes32Set storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
        return _at(set._inner, index);
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
        bytes32[] memory store = _values(set._inner);
        bytes32[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // AddressSet

    struct AddressSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(AddressSet storage set, address value) internal returns (bool) {
        return _add(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(AddressSet storage set, address value) internal returns (bool) {
        return _remove(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(AddressSet storage set, address value) internal view returns (bool) {
        return _contains(set._inner, bytes32(uint256(uint160(value))));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(AddressSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(AddressSet storage set, uint256 index) internal view returns (address) {
        return address(uint160(uint256(_at(set._inner, index))));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(AddressSet storage set) internal view returns (address[] memory) {
        bytes32[] memory store = _values(set._inner);
        address[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }

    // UintSet

    struct UintSet {
        Set _inner;
    }

    /**
     * @dev Add a value to a set. O(1).
     *
     * Returns true if the value was added to the set, that is if it was not
     * already present.
     */
    function add(UintSet storage set, uint256 value) internal returns (bool) {
        return _add(set._inner, bytes32(value));
    }

    /**
     * @dev Removes a value from a set. O(1).
     *
     * Returns true if the value was removed from the set, that is if it was
     * present.
     */
    function remove(UintSet storage set, uint256 value) internal returns (bool) {
        return _remove(set._inner, bytes32(value));
    }

    /**
     * @dev Returns true if the value is in the set. O(1).
     */
    function contains(UintSet storage set, uint256 value) internal view returns (bool) {
        return _contains(set._inner, bytes32(value));
    }

    /**
     * @dev Returns the number of values in the set. O(1).
     */
    function length(UintSet storage set) internal view returns (uint256) {
        return _length(set._inner);
    }

    /**
     * @dev Returns the value stored at position `index` in the set. O(1).
     *
     * Note that there are no guarantees on the ordering of values inside the
     * array, and it may change when more values are added or removed.
     *
     * Requirements:
     *
     * - `index` must be strictly less than {length}.
     */
    function at(UintSet storage set, uint256 index) internal view returns (uint256) {
        return uint256(_at(set._inner, index));
    }

    /**
     * @dev Return the entire set in an array
     *
     * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
     * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
     * this function has an unbounded cost, and using it as part of a state-changing function may render the function
     * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
     */
    function values(UintSet storage set) internal view returns (uint256[] memory) {
        bytes32[] memory store = _values(set._inner);
        uint256[] memory result;

        /// @solidity memory-safe-assembly
        assembly {
            result := store
        }

        return result;
    }
}

22% src/access/AccessManagerEnumerable.sol

Lines covered: 8 / 36 (22%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {AccessManager} from 'src/dependencies/openzeppelin/AccessManager.sol';
import {EnumerableSet} from 'src/dependencies/openzeppelin/EnumerableSet.sol';
import {IAccessManagerEnumerable} from 'src/access/interfaces/IAccessManagerEnumerable.sol';

/// @title AccessManagerEnumerable
/// @author Aave Labs
/// @notice Extension of AccessManager that tracks role members and their function selectors using EnumerableSet.
contract AccessManagerEnumerable is AccessManager, IAccessManagerEnumerable {
  using EnumerableSet for EnumerableSet.AddressSet;
  using EnumerableSet for EnumerableSet.Bytes32Set;

  /// @dev Map of role identifiers to their respective member sets.
  mapping(uint64 roleId => EnumerableSet.AddressSet) private _roleMembers;

  /// @dev Map of role identifiers and target contract addresses to their respective set of function selectors.
  mapping(uint64 roleId => mapping(address target => EnumerableSet.Bytes32Set))
    private _roleTargetFunctions;

  constructor(address initialAdmin_) AccessManager(initialAdmin_) {}

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleMember(uint64 roleId, uint256 index) external view returns (address) {
    return _roleMembers[roleId].at(index);
  }

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleMemberCount(uint64 roleId) external view returns (uint256) {
    return _roleMembers[roleId].length();
  }

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleMembers(
    uint64 roleId,
    uint256 start,
    uint256 end
  ) external view returns (address[] memory) {
    return _roleMembers[roleId].values(start, end);
  }

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleTargetFunction(
    uint64 roleId,
    address target,
    uint256 index
  ) external view returns (bytes4) {
    return bytes4(_roleTargetFunctions[roleId][target].at(index));
  }

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleTargetFunctionCount(
    uint64 roleId,
    address target
  ) external view returns (uint256) {
    return _roleTargetFunctions[roleId][target].length();
  }

  /// @inheritdoc IAccessManagerEnumerable
  function getRoleTargetFunctions(
    uint64 roleId,
    address target,
    uint256 start,
    uint256 end
  ) external view returns (bytes4[] memory) {
    bytes32[] memory targetFunctions = _roleTargetFunctions[roleId][target].values(start, end);
    bytes4[] memory targetFunctionSelectors;
    assembly ('memory-safe') {
      targetFunctionSelectors := targetFunctions
    }
    return targetFunctionSelectors;
  }

  /// @dev Override AccessManager `_grantRole` function to track role members.
  function _grantRole(
    uint64 roleId,
    address account,
    uint32 grantDelay,
    uint32 executionDelay
  ) internal override returns (bool) {
    bool granted = super._grantRole(roleId, account, grantDelay, executionDelay);
    if (granted) {
      _roleMembers[roleId].add(account);
    }
    return granted;
  }

  /// @dev Override AccessManager `_revokeRole` function to remove from tracked role members.
  function _revokeRole(uint64 roleId, address account) internal override returns (bool) {
    bool revoked = super._revokeRole(roleId, account);
    if (revoked) {
      _roleMembers[roleId].remove(account);
    }
    return revoked;
  }

  /// @dev Override AccessManager `_setTargetFunctionRole` function to track function selectors attributed to roles.
  function _setTargetFunctionRole(
    address target,
    bytes4 selector,
    uint64 roleId
  ) internal override {
    uint64 oldRoleId = getTargetFunctionRole(target, selector);
    super._setTargetFunctionRole(target, selector, roleId);
    if (oldRoleId != ADMIN_ROLE) {
      _roleTargetFunctions[oldRoleId][target].remove(bytes32(selector));
    }
    if (roleId != ADMIN_ROLE) {
      _roleTargetFunctions[roleId][target].add(bytes32(selector));
    }
  }
}

67% src/dependencies/openzeppelin/AccessManaged.sol

Lines covered: 19 / 28 (67%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (access/manager/AccessManaged.sol)

pragma solidity ^0.8.20;

import {AuthorityUtils} from './AuthorityUtils.sol';
import {IAccessManager} from './IAccessManager.sol';
import {IAccessManaged} from './IAccessManaged.sol';
import {Context} from './Context.sol';

/**
 * @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be
 * permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface,
 * implementing a policy that allows certain callers to access certain functions.
 *
 * IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public`
 * functions, and ideally only used in `external` functions. See {restricted}.
 */
abstract contract AccessManaged is Context, IAccessManaged {
  address private _authority;

  bool private _consumingSchedule;

  /**
   * @dev Initializes the contract connected to an initial authority.
   */
  constructor(address initialAuthority) {
    _setAuthority(initialAuthority);
  }

  /**
   * @dev Restricts access to a function as defined by the connected Authority for this contract and the
   * caller and selector of the function that entered the contract.
   *
   * [IMPORTANT]
   * ====
   * In general, this modifier should only be used on `external` functions. It is okay to use it on `public`
   * functions that are used as external entry points and are not called internally. Unless you know what you're
   * doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security
   * implications! This is because the permissions are determined by the function that entered the contract, i.e. the
   * function at the bottom of the call stack, and not the function where the modifier is visible in the source code.
   * ====
   *
   * [WARNING]
   * ====
   * Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`]
   * function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These
   * functions are the only execution paths where a function selector cannot be unambiguously determined from the calldata
   * since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function
   * if no calldata is provided. (See {_checkCanCall}).
   *
   * The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length.
   * ====
   */
  modifier restricted() {
    _checkCanCall(_msgSender(), _msgData());
    _;
  }

  /// @inheritdoc IAccessManaged
  function authority() public view virtual returns (address) {
    return _authority;
  }

  /// @inheritdoc IAccessManaged
  function setAuthority(address newAuthority) public virtual {
    address caller = _msgSender();
    if (caller != authority()) {
      revert AccessManagedUnauthorized(caller);
    }
    if (newAuthority.code.length == 0) {
      revert AccessManagedInvalidAuthority(newAuthority);
    }
    _setAuthority(newAuthority);
  }

  /// @inheritdoc IAccessManaged
  function isConsumingScheduledOp() public view returns (bytes4) {
    return _consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
  }

  /**
   * @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the
   * permissions set by the current authority.
   */
  function _setAuthority(address newAuthority) internal virtual {
    _authority = newAuthority;
    emit AuthorityUpdated(newAuthority);
  }

  /**
   * @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
   * is less than 4 bytes long.
   */
  function _checkCanCall(address caller, bytes calldata data) internal virtual {
    (bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
      authority(),
      caller,
      address(this),
      bytes4(data[0:4])
    );
    if (!immediate) {
      if (delay > 0) {
        _consumingSchedule = true;
        IAccessManager(authority()).consumeScheduledOp(caller, data);
        _consumingSchedule = false;
      } else {
        revert AccessManagedUnauthorized(caller);
      }
    }
  }
}

14% src/dependencies/openzeppelin/AccessManager.sol

Lines covered: 36 / 250 (14%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/manager/AccessManager.sol)

pragma solidity ^0.8.20;

import {IAccessManager} from './IAccessManager.sol';
import {IAccessManaged} from './IAccessManaged.sol';
import {Address} from './Address.sol';
import {Context} from './Context.sol';
import {Multicall} from './Multicall.sol';
import {Math} from './Math.sol';
import {Time} from './Time.sol';

/**
 * @dev AccessManager is a central contract to store the permissions of a system.
 *
 * A smart contract under the control of an AccessManager instance is known as a target, and will inherit from the
 * {AccessManaged} contract, be connected to this contract as its manager and implement the {AccessManaged-restricted}
 * modifier on a set of functions selected to be permissioned. Note that any function without this setup won't be
 * effectively restricted.
 *
 * The restriction rules for such functions are defined in terms of "roles" identified by an `uint64` and scoped
 * by target (`address`) and function selectors (`bytes4`). These roles are stored in this contract and can be
 * configured by admins (`ADMIN_ROLE` members) after a delay (see {getTargetAdminDelay}).
 *
 * For each target contract, admins can configure the following without any delay:
 *
 * * The target's {AccessManaged-authority} via {updateAuthority}.
 * * Close or open a target via {setTargetClosed} keeping the permissions intact.
 * * The roles that are allowed (or disallowed) to call a given function (identified by its selector) through {setTargetFunctionRole}.
 *
 * By default every address is member of the `PUBLIC_ROLE` and every target function is restricted to the `ADMIN_ROLE` until configured otherwise.
 * Additionally, each role has the following configuration options restricted to this manager's admins:
 *
 * * A role's admin role via {setRoleAdmin} who can grant or revoke roles.
 * * A role's guardian role via {setRoleGuardian} who's allowed to cancel operations.
 * * A delay in which a role takes effect after being granted through {setGrantDelay}.
 * * A delay of any target's admin action via {setTargetAdminDelay}.
 * * A role label for discoverability purposes with {labelRole}.
 *
 * Any account can be added and removed into any number of these roles by using the {grantRole} and {revokeRole} functions
 * restricted to each role's admin (see {getRoleAdmin}).
 *
 * Since all the permissions of the managed system can be modified by the admins of this instance, it is expected that
 * they will be highly secured (e.g., a multisig or a well-configured DAO).
 *
 * NOTE: This contract implements a form of the {IAuthority} interface, but {canCall} has additional return data so it
 * doesn't inherit `IAuthority`. It is however compatible with the `IAuthority` interface since the first 32 bytes of
 * the return data are a boolean as expected by that interface.
 *
 * NOTE: Systems that implement other access control mechanisms (for example using {Ownable}) can be paired with an
 * {AccessManager} by transferring permissions (ownership in the case of {Ownable}) directly to the {AccessManager}.
 * Users will be able to interact with these contracts through the {execute} function, following the access rules
 * registered in the {AccessManager}. Keep in mind that in that context, the msg.sender seen by restricted functions
 * will be {AccessManager} itself.
 *
 * WARNING: When granting permissions over an {Ownable} or {AccessControl} contract to an {AccessManager}, be very
 * mindful of the danger associated with functions such as {Ownable-renounceOwnership} or
 * {AccessControl-renounceRole}.
 */
contract AccessManager is Context, Multicall, IAccessManager {
  using Time for *;

  // Structure that stores the details for a target contract.
  struct TargetConfig {
    mapping(bytes4 selector => uint64 roleId) allowedRoles;
    Time.Delay adminDelay;
    bool closed;
  }

  // Structure that stores the details for a role/account pair. This structures fit into a single slot.
  struct Access {
    // Timepoint at which the user gets the permission.
    // If this is either 0 or in the future, then the role permission is not available.
    uint48 since;
    // Delay for execution. Only applies to restricted() / execute() calls.
    Time.Delay delay;
  }

  // Structure that stores the details of a role.
  struct Role {
    // Members of the role.
    mapping(address user => Access access) members;
    // Admin who can grant or revoke permissions.
    uint64 admin;
    // Guardian who can cancel operations targeting functions that need this role.
    uint64 guardian;
    // Delay in which the role takes effect after being granted.
    Time.Delay grantDelay;
  }

  // Structure that stores the details for a scheduled operation. This structure fits into a single slot.
  struct Schedule {
    // Moment at which the operation can be executed.
    uint48 timepoint;
    // Operation nonce to allow third-party contracts to identify the operation.
    uint32 nonce;
  }

  /**
   * @dev The identifier of the admin role. Required to perform most configuration operations including
   * other roles' management and target restrictions.
   */
  uint64 public constant ADMIN_ROLE = type(uint64).min; // 0

  /**
   * @dev The identifier of the public role. Automatically granted to all addresses with no delay.
   */
  uint64 public constant PUBLIC_ROLE = type(uint64).max; // 2**64-1

  mapping(address target => TargetConfig mode) private _targets;
  mapping(uint64 roleId => Role) private _roles;
  mapping(bytes32 operationId => Schedule) private _schedules;

  // Used to identify operations that are currently being executed via {execute}.
  // This should be transient storage when supported by the EVM.
  bytes32 private _executionId;

  /**
   * @dev Check that the caller is authorized to perform the operation.
   * See {AccessManager} description for a detailed breakdown of the authorization logic.
   */
  modifier onlyAuthorized() {
    _checkAuthorized();
    _;
  }

  constructor(address initialAdmin) {
    if (initialAdmin == address(0)) {
      revert AccessManagerInvalidInitialAdmin(address(0));
    }

    // admin is active immediately and without any execution delay.
    _grantRole(ADMIN_ROLE, initialAdmin, 0, 0);
  }

  // =================================================== GETTERS ====================================================
  /// @inheritdoc IAccessManager
  function canCall(
    address caller,
    address target,
    bytes4 selector
  ) public view virtual returns (bool immediate, uint32 delay) {
    if (isTargetClosed(target)) {
      return (false, 0);
    } else if (caller == address(this)) {
      // Caller is AccessManager, this means the call was sent through {execute} and it already checked
      // permissions. We verify that the call "identifier", which is set during {execute}, is correct.
      return (_isExecuting(target, selector), 0);
    } else {
      uint64 roleId = getTargetFunctionRole(target, selector);
      (bool isMember, uint32 currentDelay) = hasRole(roleId, caller);
      return isMember ? (currentDelay == 0, currentDelay) : (false, 0);
    }
  }

  /// @inheritdoc IAccessManager
  function expiration() public view virtual returns (uint32) {
    return 1 weeks;
  }

  /// @inheritdoc IAccessManager
  function minSetback() public view virtual returns (uint32) {
    return 5 days;
  }

  /// @inheritdoc IAccessManager
  function isTargetClosed(address target) public view virtual returns (bool) {
    return _targets[target].closed;
  }

  /// @inheritdoc IAccessManager
  function getTargetFunctionRole(
    address target,
    bytes4 selector
  ) public view virtual returns (uint64) {
    return _targets[target].allowedRoles[selector];
  }

  /// @inheritdoc IAccessManager
  function getTargetAdminDelay(address target) public view virtual returns (uint32) {
    return _targets[target].adminDelay.get();
  }

  /// @inheritdoc IAccessManager
  function getRoleAdmin(uint64 roleId) public view virtual returns (uint64) {
    return _roles[roleId].admin;
  }

  /// @inheritdoc IAccessManager
  function getRoleGuardian(uint64 roleId) public view virtual returns (uint64) {
    return _roles[roleId].guardian;
  }

  /// @inheritdoc IAccessManager
  function getRoleGrantDelay(uint64 roleId) public view virtual returns (uint32) {
    return _roles[roleId].grantDelay.get();
  }

  /// @inheritdoc IAccessManager
  function getAccess(
    uint64 roleId,
    address account
  )
    public
    view
    virtual
    returns (uint48 since, uint32 currentDelay, uint32 pendingDelay, uint48 effect)
  {
    Access storage access = _roles[roleId].members[account];

    since = access.since;
    (currentDelay, pendingDelay, effect) = access.delay.getFull();

    return (since, currentDelay, pendingDelay, effect);
  }

  /// @inheritdoc IAccessManager
  function hasRole(
    uint64 roleId,
    address account
  ) public view virtual returns (bool isMember, uint32 executionDelay) {
    if (roleId == PUBLIC_ROLE) {
      return (true, 0);
    } else {
      (uint48 hasRoleSince, uint32 currentDelay, , ) = getAccess(roleId, account);
      return (hasRoleSince != 0 && hasRoleSince <= Time.timestamp(), currentDelay);
    }
  }

  // =============================================== ROLE MANAGEMENT ===============================================
  /// @inheritdoc IAccessManager
  function labelRole(uint64 roleId, string calldata label) public virtual onlyAuthorized {
    if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }
    emit RoleLabel(roleId, label);
  }

  /// @inheritdoc IAccessManager
  function grantRole(
    uint64 roleId,
    address account,
    uint32 executionDelay
  ) public virtual onlyAuthorized {
    _grantRole(roleId, account, getRoleGrantDelay(roleId), executionDelay);
  }

  /// @inheritdoc IAccessManager
  function revokeRole(uint64 roleId, address account) public virtual onlyAuthorized {
    _revokeRole(roleId, account);
  }

  /// @inheritdoc IAccessManager
  function renounceRole(uint64 roleId, address callerConfirmation) public virtual {
    if (callerConfirmation != _msgSender()) {
      revert AccessManagerBadConfirmation();
    }
    _revokeRole(roleId, callerConfirmation);
  }

  /// @inheritdoc IAccessManager
  function setRoleAdmin(uint64 roleId, uint64 admin) public virtual onlyAuthorized {
    _setRoleAdmin(roleId, admin);
  }

  /// @inheritdoc IAccessManager
  function setRoleGuardian(uint64 roleId, uint64 guardian) public virtual onlyAuthorized {
    _setRoleGuardian(roleId, guardian);
  }

  /// @inheritdoc IAccessManager
  function setGrantDelay(uint64 roleId, uint32 newDelay) public virtual onlyAuthorized {
    _setGrantDelay(roleId, newDelay);
  }

  /**
   * @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted.
   *
   * Emits a {RoleGranted} event.
   */
  function _grantRole(
    uint64 roleId,
    address account,
    uint32 grantDelay,
    uint32 executionDelay
  ) internal virtual returns (bool) {
    if (roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }

    bool newMember = _roles[roleId].members[account].since == 0;
    uint48 since;

    if (newMember) {
      since = Time.timestamp() + grantDelay;
      _roles[roleId].members[account] = Access({since: since, delay: executionDelay.toDelay()});
    } else {
      // No setback here. Value can be reset by doing revoke + grant, effectively allowing the admin to perform
      // any change to the execution delay within the duration of the role admin delay.
      (_roles[roleId].members[account].delay, since) = _roles[roleId]
        .members[account]
        .delay
        .withUpdate(executionDelay, 0);
    }

    emit RoleGranted(roleId, account, executionDelay, since, newMember);
    return newMember;
  }

  /**
   * @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}.
   * Returns true if the role was previously granted.
   *
   * Emits a {RoleRevoked} event if the account had the role.
   */
  function _revokeRole(uint64 roleId, address account) internal virtual returns (bool) {
    if (roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }

    if (_roles[roleId].members[account].since == 0) {
      return false;
    }

    delete _roles[roleId].members[account];

    emit RoleRevoked(roleId, account);
    return true;
  }

  /**
   * @dev Internal version of {setRoleAdmin} without access control.
   *
   * Emits a {RoleAdminChanged} event.
   *
   * NOTE: Setting the admin role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
   * anyone to set grant or revoke such role.
   */
  function _setRoleAdmin(uint64 roleId, uint64 admin) internal virtual {
    if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }

    _roles[roleId].admin = admin;

    emit RoleAdminChanged(roleId, admin);
  }

  /**
   * @dev Internal version of {setRoleGuardian} without access control.
   *
   * Emits a {RoleGuardianChanged} event.
   *
   * NOTE: Setting the guardian role as the `PUBLIC_ROLE` is allowed, but it will effectively allow
   * anyone to cancel any scheduled operation for such role.
   */
  function _setRoleGuardian(uint64 roleId, uint64 guardian) internal virtual {
    if (roleId == ADMIN_ROLE || roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }

    _roles[roleId].guardian = guardian;

    emit RoleGuardianChanged(roleId, guardian);
  }

  /**
   * @dev Internal version of {setGrantDelay} without access control.
   *
   * Emits a {RoleGrantDelayChanged} event.
   */
  function _setGrantDelay(uint64 roleId, uint32 newDelay) internal virtual {
    if (roleId == PUBLIC_ROLE) {
      revert AccessManagerLockedRole(roleId);
    }

    uint48 effect;
    (_roles[roleId].grantDelay, effect) = _roles[roleId].grantDelay.withUpdate(
      newDelay,
      minSetback()
    );

    emit RoleGrantDelayChanged(roleId, newDelay, effect);
  }

  // ============================================= FUNCTION MANAGEMENT ==============================================
  /// @inheritdoc IAccessManager
  function setTargetFunctionRole(
    address target,
    bytes4[] calldata selectors,
    uint64 roleId
  ) public virtual onlyAuthorized {
    for (uint256 i = 0; i < selectors.length; ++i) {
      _setTargetFunctionRole(target, selectors[i], roleId);
    }
  }

  /**
   * @dev Internal version of {setTargetFunctionRole} without access control.
   *
   * Emits a {TargetFunctionRoleUpdated} event.
   */
  function _setTargetFunctionRole(address target, bytes4 selector, uint64 roleId) internal virtual {
    _targets[target].allowedRoles[selector] = roleId;
    emit TargetFunctionRoleUpdated(target, selector, roleId);
  }

  /// @inheritdoc IAccessManager
  function setTargetAdminDelay(address target, uint32 newDelay) public virtual onlyAuthorized {
    _setTargetAdminDelay(target, newDelay);
  }

  /**
   * @dev Internal version of {setTargetAdminDelay} without access control.
   *
   * Emits a {TargetAdminDelayUpdated} event.
   */
  function _setTargetAdminDelay(address target, uint32 newDelay) internal virtual {
    uint48 effect;
    (_targets[target].adminDelay, effect) = _targets[target].adminDelay.withUpdate(
      newDelay,
      minSetback()
    );

    emit TargetAdminDelayUpdated(target, newDelay, effect);
  }

  // =============================================== MODE MANAGEMENT ================================================
  /// @inheritdoc IAccessManager
  function setTargetClosed(address target, bool closed) public virtual onlyAuthorized {
    _setTargetClosed(target, closed);
  }

  /**
   * @dev Set the closed flag for a contract. This is an internal setter with no access restrictions.
   *
   * Emits a {TargetClosed} event.
   */
  function _setTargetClosed(address target, bool closed) internal virtual {
    _targets[target].closed = closed;
    emit TargetClosed(target, closed);
  }

  // ============================================== DELAYED OPERATIONS ==============================================
  /// @inheritdoc IAccessManager
  function getSchedule(bytes32 id) public view virtual returns (uint48) {
    uint48 timepoint = _schedules[id].timepoint;
    return _isExpired(timepoint) ? 0 : timepoint;
  }

  /// @inheritdoc IAccessManager
  function getNonce(bytes32 id) public view virtual returns (uint32) {
    return _schedules[id].nonce;
  }

  /// @inheritdoc IAccessManager
  function schedule(
    address target,
    bytes calldata data,
    uint48 when
  ) public virtual returns (bytes32 operationId, uint32 nonce) {
    address caller = _msgSender();

    // Fetch restrictions that apply to the caller on the targeted function
    (, uint32 setback) = _canCallExtended(caller, target, data);

    uint48 minWhen = Time.timestamp() + setback;

    // If call with delay is not authorized, or if requested timing is too soon, revert
    if (setback == 0 || (when > 0 && when < minWhen)) {
      revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
    }

    // Reuse variable due to stack too deep
    when = uint48(Math.max(when, minWhen)); // cast is safe: both inputs are uint48

    // If caller is authorised, schedule operation
    operationId = hashOperation(caller, target, data);

    _checkNotScheduled(operationId);

    unchecked {
      // It's not feasible to overflow the nonce in less than 1000 years
      nonce = _schedules[operationId].nonce + 1;
    }
    _schedules[operationId].timepoint = when;
    _schedules[operationId].nonce = nonce;
    emit OperationScheduled(operationId, nonce, when, caller, target, data);

    // Using named return values because otherwise we get stack too deep
  }

  /**
   * @dev Reverts if the operation is currently scheduled and has not expired.
   *
   * NOTE: This function was introduced due to stack too deep errors in schedule.
   */
  function _checkNotScheduled(bytes32 operationId) private view {
    uint48 prevTimepoint = _schedules[operationId].timepoint;
    if (prevTimepoint != 0 && !_isExpired(prevTimepoint)) {
      revert AccessManagerAlreadyScheduled(operationId);
    }
  }

  /// @inheritdoc IAccessManager
  // Reentrancy is not an issue because permissions are checked on msg.sender. Additionally,
  // _consumeScheduledOp guarantees a scheduled operation is only executed once.
  // slither-disable-next-line reentrancy-no-eth
  function execute(address target, bytes calldata data) public payable virtual returns (uint32) {
    address caller = _msgSender();

    // Fetch restrictions that apply to the caller on the targeted function
    (bool immediate, uint32 setback) = _canCallExtended(caller, target, data);

    // If call is not authorized, revert
    if (!immediate && setback == 0) {
      revert AccessManagerUnauthorizedCall(caller, target, _checkSelector(data));
    }

    bytes32 operationId = hashOperation(caller, target, data);
    uint32 nonce;

    // If caller is authorised, check operation was scheduled early enough
    // Consume an available schedule even if there is no currently enforced delay
    if (setback != 0 || getSchedule(operationId) != 0) {
      nonce = _consumeScheduledOp(operationId);
    }

    // Mark the target and selector as authorised
    bytes32 executionIdBefore = _executionId;
    _executionId = _hashExecutionId(target, _checkSelector(data));

    // Perform call
    Address.functionCallWithValue(target, data, msg.value);

    // Reset execute identifier
    _executionId = executionIdBefore;

    return nonce;
  }

  /// @inheritdoc IAccessManager
  function cancel(
    address caller,
    address target,
    bytes calldata data
  ) public virtual returns (uint32) {
    address msgsender = _msgSender();
    bytes4 selector = _checkSelector(data);

    bytes32 operationId = hashOperation(caller, target, data);
    if (_schedules[operationId].timepoint == 0) {
      revert AccessManagerNotScheduled(operationId);
    } else if (caller != msgsender) {
      // calls can only be canceled by the account that scheduled them, a global admin, or by a guardian of the required role.
      (bool isAdmin, ) = hasRole(ADMIN_ROLE, msgsender);
      (bool isGuardian, ) = hasRole(
        getRoleGuardian(getTargetFunctionRole(target, selector)),
        msgsender
      );
      if (!isAdmin && !isGuardian) {
        revert AccessManagerUnauthorizedCancel(msgsender, caller, target, selector);
      }
    }

    delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonce
    uint32 nonce = _schedules[operationId].nonce;
    emit OperationCanceled(operationId, nonce);

    return nonce;
  }

  /// @inheritdoc IAccessManager
  function consumeScheduledOp(address caller, bytes calldata data) public virtual {
    address target = _msgSender();
    if (
      IAccessManaged(target).isConsumingScheduledOp() !=
      IAccessManaged.isConsumingScheduledOp.selector
    ) {
      revert AccessManagerUnauthorizedConsume(target);
    }
    _consumeScheduledOp(hashOperation(caller, target, data));
  }

  /**
   * @dev Internal variant of {consumeScheduledOp} that operates on bytes32 operationId.
   *
   * Returns the nonce of the scheduled operation that is consumed.
   */
  function _consumeScheduledOp(bytes32 operationId) internal virtual returns (uint32) {
    uint48 timepoint = _schedules[operationId].timepoint;
    uint32 nonce = _schedules[operationId].nonce;

    if (timepoint == 0) {
      revert AccessManagerNotScheduled(operationId);
    } else if (timepoint > Time.timestamp()) {
      revert AccessManagerNotReady(operationId);
    } else if (_isExpired(timepoint)) {
      revert AccessManagerExpired(operationId);
    }

    delete _schedules[operationId].timepoint; // reset the timepoint, keep the nonce
    emit OperationExecuted(operationId, nonce);

    return nonce;
  }

  /// @inheritdoc IAccessManager
  function hashOperation(
    address caller,
    address target,
    bytes calldata data
  ) public view virtual returns (bytes32) {
    return keccak256(abi.encode(caller, target, data));
  }

  // ==================================================== OTHERS ====================================================
  /// @inheritdoc IAccessManager
  function updateAuthority(address target, address newAuthority) public virtual onlyAuthorized {
    IAccessManaged(target).setAuthority(newAuthority);
  }

  // ================================================= ADMIN LOGIC ==================================================
  /**
   * @dev Check if the current call is authorized according to admin and roles logic.
   *
   * WARNING: Carefully review the considerations of {AccessManaged-restricted} since they apply to this modifier.
   */
  function _checkAuthorized() private {
    address caller = _msgSender();
    (bool immediate, uint32 delay) = _canCallSelf(caller, _msgData());
    if (!immediate) {
      if (delay == 0) {
        (, uint64 requiredRole, ) = _getAdminRestrictions(_msgData());
        revert AccessManagerUnauthorizedAccount(caller, requiredRole);
      } else {
        _consumeScheduledOp(hashOperation(caller, address(this), _msgData()));
      }
    }
  }

  /**
   * @dev Get the admin restrictions of a given function call based on the function and arguments involved.
   *
   * Returns:
   * - bool restricted: does this data match a restricted operation
   * - uint64: which role is this operation restricted to
   * - uint32: minimum delay to enforce for that operation (max between operation's delay and admin's execution delay)
   */
  function _getAdminRestrictions(
    bytes calldata data
  ) private view returns (bool adminRestricted, uint64 roleAdminId, uint32 executionDelay) {
    if (data.length < 4) {
      return (false, 0, 0);
    }

    bytes4 selector = _checkSelector(data);

    // Restricted to ADMIN with no delay beside any execution delay the caller may have
    if (
      selector == this.labelRole.selector ||
      selector == this.setRoleAdmin.selector ||
      selector == this.setRoleGuardian.selector ||
      selector == this.setGrantDelay.selector ||
      selector == this.setTargetAdminDelay.selector
    ) {
      return (true, ADMIN_ROLE, 0);
    }

    // Restricted to ADMIN with the admin delay corresponding to the target
    if (
      selector == this.updateAuthority.selector ||
      selector == this.setTargetClosed.selector ||
      selector == this.setTargetFunctionRole.selector
    ) {
      // First argument is a target.
      address target = abi.decode(data[0x04:0x24], (address));
      uint32 delay = getTargetAdminDelay(target);
      return (true, ADMIN_ROLE, delay);
    }

    // Restricted to that role's admin with no delay beside any execution delay the caller may have.
    if (selector == this.grantRole.selector || selector == this.revokeRole.selector) {
      // First argument is a roleId.
      uint64 roleId = abi.decode(data[0x04:0x24], (uint64));
      return (true, getRoleAdmin(roleId), 0);
    }

    return (false, getTargetFunctionRole(address(this), selector), 0);
  }

  // =================================================== HELPERS ====================================================
  /**
   * @dev An extended version of {canCall} for internal usage that checks {_canCallSelf}
   * when the target is this contract.
   *
   * Returns:
   * - bool immediate: whether the operation can be executed immediately (with no delay)
   * - uint32 delay: the execution delay
   */
  function _canCallExtended(
    address caller,
    address target,
    bytes calldata data
  ) private view returns (bool immediate, uint32 delay) {
    if (target == address(this)) {
      return _canCallSelf(caller, data);
    } else {
      return data.length < 4 ? (false, 0) : canCall(caller, target, _checkSelector(data));
    }
  }

  /**
   * @dev A version of {canCall} that checks for restrictions in this contract.
   */
  function _canCallSelf(
    address caller,
    bytes calldata data
  ) private view returns (bool immediate, uint32 delay) {
    if (data.length < 4) {
      return (false, 0);
    }

    if (caller == address(this)) {
      // Caller is AccessManager, this means the call was sent through {execute} and it already checked
      // permissions. We verify that the call "identifier", which is set during {execute}, is correct.
      return (_isExecuting(address(this), _checkSelector(data)), 0);
    }

    (bool adminRestricted, uint64 roleId, uint32 operationDelay) = _getAdminRestrictions(data);

    // isTargetClosed apply to non-admin-restricted function
    if (!adminRestricted && isTargetClosed(address(this))) {
      return (false, 0);
    }

    (bool inRole, uint32 executionDelay) = hasRole(roleId, caller);
    if (!inRole) {
      return (false, 0);
    }

    // downcast is safe because both options are uint32
    delay = uint32(Math.max(operationDelay, executionDelay));
    return (delay == 0, delay);
  }

  /**
   * @dev Returns true if a call with `target` and `selector` is being executed via {executed}.
   */
  function _isExecuting(address target, bytes4 selector) private view returns (bool) {
    return _executionId == _hashExecutionId(target, selector);
  }

  /**
   * @dev Returns true if a schedule timepoint is past its expiration deadline.
   */
  function _isExpired(uint48 timepoint) private view returns (bool) {
    return timepoint + expiration() <= Time.timestamp();
  }

  /**
   * @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes
   */
  function _checkSelector(bytes calldata data) private pure returns (bytes4) {
    return bytes4(data[0:4]);
  }

  /**
   * @dev Hashing function for execute protection
   */
  function _hashExecutionId(address target, bytes4 selector) private pure returns (bytes32) {
    return keccak256(abi.encode(target, selector));
  }
}

7% src/dependencies/openzeppelin/Address.sol

Lines covered: 2 / 27 (7%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/Address.sol)

pragma solidity ^0.8.20;

import {Errors} from './Errors.sol';

/**
 * @dev Collection of functions related to the address type
 */
library Address {
  /**
   * @dev There's no code at `target` (it is not a contract).
   */
  error AddressEmptyCode(address target);

  /**
   * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
   * `recipient`, forwarding all available gas and reverting on errors.
   *
   * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
   * of certain opcodes, possibly making contracts go over the 2300 gas limit
   * imposed by `transfer`, making them unable to receive funds via
   * `transfer`. {sendValue} removes this limitation.
   *
   * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
   *
   * IMPORTANT: because control is transferred to `recipient`, care must be
   * taken to not create reentrancy vulnerabilities. Consider using
   * {ReentrancyGuard} or the
   * https://solidity.readthedocs.io/en/v0.8.20/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
   */
  function sendValue(address payable recipient, uint256 amount) internal {
    if (address(this).balance < amount) {
      revert Errors.InsufficientBalance(address(this).balance, amount);
    }

    (bool success, bytes memory returndata) = recipient.call{value: amount}('');
    if (!success) {
      _revert(returndata);
    }
  }

  /**
   * @dev Performs a Solidity function call using a low level `call`. A
   * plain `call` is an unsafe replacement for a function call: use this
   * function instead.
   *
   * If `target` reverts with a revert reason or custom error, it is bubbled
   * up by this function (like regular Solidity function calls). However, if
   * the call reverted with no returned reason, this function reverts with a
   * {Errors.FailedCall} error.
   *
   * Returns the raw returned data. To convert to the expected return value,
   * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
   *
   * Requirements:
   *
   * - `target` must be a contract.
   * - calling `target` with `data` must not revert.
   */
  function functionCall(address target, bytes memory data) internal returns (bytes memory) {
    return functionCallWithValue(target, data, 0);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but also transferring `value` wei to `target`.
   *
   * Requirements:
   *
   * - the calling contract must have an ETH balance of at least `value`.
   * - the called Solidity function must be `payable`.
   */
  function functionCallWithValue(
    address target,
    bytes memory data,
    uint256 value
  ) internal returns (bytes memory) {
    if (address(this).balance < value) {
      revert Errors.InsufficientBalance(address(this).balance, value);
    }
    (bool success, bytes memory returndata) = target.call{value: value}(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a static call.
   */
  function functionStaticCall(
    address target,
    bytes memory data
  ) internal view returns (bytes memory) {
    (bool success, bytes memory returndata) = target.staticcall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a delegate call.
   */
  function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
    (bool success, bytes memory returndata) = target.delegatecall(data);
    return verifyCallResultFromTarget(target, success, returndata);
  }

  /**
   * @dev Tool to verify that a low level call to smart-contract was successful, and reverts if the target
   * was not a contract or bubbling up the revert reason (falling back to {Errors.FailedCall}) in case
   * of an unsuccessful call.
   */
  function verifyCallResultFromTarget(
    address target,
    bool success,
    bytes memory returndata
  ) internal view returns (bytes memory) {
    if (!success) {
      _revert(returndata);
    } else {
      // only check if target is a contract if the call was successful and the return data is empty
      // otherwise we already know that it was a contract
      if (returndata.length == 0 && target.code.length == 0) {
        revert AddressEmptyCode(target);
      }
      return returndata;
    }
  }

  /**
   * @dev Tool to verify that a low level call was successful, and reverts if it wasn't, either by bubbling the
   * revert reason or with a default {Errors.FailedCall} error.
   */
  function verifyCallResult(
    bool success,
    bytes memory returndata
  ) internal pure returns (bytes memory) {
    if (!success) {
      _revert(returndata);
    } else {
      return returndata;
    }
  }

  /**
   * @dev Reverts with returndata if present. Otherwise reverts with {Errors.FailedCall}.
   */
  function _revert(bytes memory returndata) private pure {
    // Look for revert reason and bubble it up if present
    if (returndata.length > 0) {
      // The easiest way to bubble the revert reason is using memory via assembly
      assembly ('memory-safe') {
        revert(add(returndata, 0x20), mload(returndata))
      }
    } else {
      revert Errors.FailedCall();
    }
  }
}

83% src/dependencies/openzeppelin/Arrays.sol

Lines covered: 25 / 30 (83%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/Arrays.sol)
// This file was procedurally generated from scripts/generate/templates/Arrays.js.

pragma solidity ^0.8.20;

import {Comparators} from './Comparators.sol';
import {SlotDerivation} from './SlotDerivation.sol';
import {StorageSlot} from './StorageSlot.sol';
import {Math} from './Math.sol';

/**
 * @dev Collection of functions related to array types.
 */
library Arrays {
  using SlotDerivation for bytes32;
  using StorageSlot for bytes32;

  /**
   * @dev Sort an array of uint256 (in memory) following the provided comparator function.
   *
   * This function does the sorting "in place", meaning that it overrides the input. The object is returned for
   * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array.
   *
   * NOTE: this function's cost is `O(n · log(n))` in average and `O(n²)` in the worst case, with n the length of the
   * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
   * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
   * consume more gas than is available in a block, leading to potential DoS.
   *
   * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
   */
  function sort(
    uint256[] memory array,
    function(uint256, uint256) pure returns (bool) comp
  ) internal pure returns (uint256[] memory) {
    _quickSort(_begin(array), _end(array), comp);
    return array;
  }

  /**
   * @dev Variant of {sort} that sorts an array of uint256 in increasing order.
   */
  function sort(uint256[] memory array) internal pure returns (uint256[] memory) {
    sort(array, Comparators.lt);
    return array;
  }

  /**
   * @dev Sort an array of address (in memory) following the provided comparator function.
   *
   * This function does the sorting "in place", meaning that it overrides the input. The object is returned for
   * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array.
   *
   * NOTE: this function's cost is `O(n · log(n))` in average and `O(n²)` in the worst case, with n the length of the
   * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
   * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
   * consume more gas than is available in a block, leading to potential DoS.
   *
   * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
   */
  function sort(
    address[] memory array,
    function(address, address) pure returns (bool) comp
  ) internal pure returns (address[] memory) {
    sort(_castToUint256Array(array), _castToUint256Comp(comp));
    return array;
  }

  /**
   * @dev Variant of {sort} that sorts an array of address in increasing order.
   */
  function sort(address[] memory array) internal pure returns (address[] memory) {
    sort(_castToUint256Array(array), Comparators.lt);
    return array;
  }

  /**
   * @dev Sort an array of bytes32 (in memory) following the provided comparator function.
   *
   * This function does the sorting "in place", meaning that it overrides the input. The object is returned for
   * convenience, but that returned value can be discarded safely if the caller has a memory pointer to the array.
   *
   * NOTE: this function's cost is `O(n · log(n))` in average and `O(n²)` in the worst case, with n the length of the
   * array. Using it in view functions that are executed through `eth_call` is safe, but one should be very careful
   * when executing this as part of a transaction. If the array being sorted is too large, the sort operation may
   * consume more gas than is available in a block, leading to potential DoS.
   *
   * IMPORTANT: Consider memory side-effects when using custom comparator functions that access memory in an unsafe way.
   */
  function sort(
    bytes32[] memory array,
    function(bytes32, bytes32) pure returns (bool) comp
  ) internal pure returns (bytes32[] memory) {
    sort(_castToUint256Array(array), _castToUint256Comp(comp));
    return array;
  }

  /**
   * @dev Variant of {sort} that sorts an array of bytes32 in increasing order.
   */
  function sort(bytes32[] memory array) internal pure returns (bytes32[] memory) {
    sort(_castToUint256Array(array), Comparators.lt);
    return array;
  }

  /**
   * @dev Performs a quick sort of a segment of memory. The segment sorted starts at `begin` (inclusive), and stops
   * at end (exclusive). Sorting follows the `comp` comparator.
   *
   * Invariant: `begin <= end`. This is the case when initially called by {sort} and is preserved in subcalls.
   *
   * IMPORTANT: Memory locations between `begin` and `end` are not validated/zeroed. This function should
   * be used only if the limits are within a memory array.
   */
  function _quickSort(
    uint256 begin,
    uint256 end,
    function(uint256, uint256) pure returns (bool) comp
  ) private pure {
    unchecked {
      if (end - begin < 0x40) return;

      // Use first element as pivot
      uint256 pivot = _mload(begin);
      // Position where the pivot should be at the end of the loop
      uint256 pos = begin;

      for (uint256 it = begin + 0x20; it < end; it += 0x20) {
        if (comp(_mload(it), pivot)) {
          // If the value stored at the iterator's position comes before the pivot, we increment the
          // position of the pivot and move the value there.
          pos += 0x20;
          _swap(pos, it);
        }
      }

      _swap(begin, pos); // Swap pivot into place
      _quickSort(begin, pos, comp); // Sort the left side of the pivot
      _quickSort(pos + 0x20, end, comp); // Sort the right side of the pivot
    }
  }

  /**
   * @dev Pointer to the memory location of the first element of `array`.
   */
  function _begin(uint256[] memory array) private pure returns (uint256 ptr) {
    assembly ('memory-safe') {
      ptr := add(array, 0x20)
    }
  }

  /**
   * @dev Pointer to the memory location of the first memory word (32bytes) after `array`. This is the memory word
   * that comes just after the last element of the array.
   */
  function _end(uint256[] memory array) private pure returns (uint256 ptr) {
    unchecked {
      return _begin(array) + array.length * 0x20;
    }
  }

  /**
   * @dev Load memory word (as a uint256) at location `ptr`.
   */
  function _mload(uint256 ptr) private pure returns (uint256 value) {
    assembly {
      value := mload(ptr)
    }
  }

  /**
   * @dev Swaps the elements memory location `ptr1` and `ptr2`.
   */
  function _swap(uint256 ptr1, uint256 ptr2) private pure {
    assembly {
      let value1 := mload(ptr1)
      let value2 := mload(ptr2)
      mstore(ptr1, value2)
      mstore(ptr2, value1)
    }
  }

  /// @dev Helper: low level cast address memory array to uint256 memory array
  function _castToUint256Array(
    address[] memory input
  ) private pure returns (uint256[] memory output) {
    assembly {
      output := input
    }
  }

  /// @dev Helper: low level cast bytes32 memory array to uint256 memory array
  function _castToUint256Array(
    bytes32[] memory input
  ) private pure returns (uint256[] memory output) {
    assembly {
      output := input
    }
  }

  /// @dev Helper: low level cast address comp function to uint256 comp function
  function _castToUint256Comp(
    function(address, address) pure returns (bool) input
  ) private pure returns (function(uint256, uint256) pure returns (bool) output) {
    assembly {
      output := input
    }
  }

  /// @dev Helper: low level cast bytes32 comp function to uint256 comp function
  function _castToUint256Comp(
    function(bytes32, bytes32) pure returns (bool) input
  ) private pure returns (function(uint256, uint256) pure returns (bool) output) {
    assembly {
      output := input
    }
  }

  /**
   * @dev Searches a sorted `array` and returns the first index that contains
   * a value greater or equal to `element`. If no such index exists (i.e. all
   * values in the array are strictly less than `element`), the array length is
   * returned. Time complexity O(log n).
   *
   * NOTE: The `array` is expected to be sorted in ascending order, and to
   * contain no repeated elements.
   *
   * IMPORTANT: Deprecated. This implementation behaves as {lowerBound} but lacks
   * support for repeated elements in the array. The {lowerBound} function should
   * be used instead.
   */
  function findUpperBound(
    uint256[] storage array,
    uint256 element
  ) internal view returns (uint256) {
    uint256 low = 0;
    uint256 high = array.length;

    if (high == 0) {
      return 0;
    }

    while (low < high) {
      uint256 mid = Math.average(low, high);

      // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
      // because Math.average rounds towards zero (it does integer division with truncation).
      if (unsafeAccess(array, mid).value > element) {
        high = mid;
      } else {
        low = mid + 1;
      }
    }

    // At this point `low` is the exclusive upper bound. We will return the inclusive upper bound.
    if (low > 0 && unsafeAccess(array, low - 1).value == element) {
      return low - 1;
    } else {
      return low;
    }
  }

  /**
   * @dev Searches an `array` sorted in ascending order and returns the first
   * index that contains a value greater or equal than `element`. If no such index
   * exists (i.e. all values in the array are strictly less than `element`), the array
   * length is returned. Time complexity O(log n).
   *
   * See C++'s https://en.cppreference.com/w/cpp/algorithm/lower_bound[lower_bound].
   */
  function lowerBound(uint256[] storage array, uint256 element) internal view returns (uint256) {
    uint256 low = 0;
    uint256 high = array.length;

    if (high == 0) {
      return 0;
    }

    while (low < high) {
      uint256 mid = Math.average(low, high);

      // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
      // because Math.average rounds towards zero (it does integer division with truncation).
      if (unsafeAccess(array, mid).value < element) {
        // this cannot overflow because mid < high
        unchecked {
          low = mid + 1;
        }
      } else {
        high = mid;
      }
    }

    return low;
  }

  /**
   * @dev Searches an `array` sorted in ascending order and returns the first
   * index that contains a value strictly greater than `element`. If no such index
   * exists (i.e. all values in the array are strictly less than `element`), the array
   * length is returned. Time complexity O(log n).
   *
   * See C++'s https://en.cppreference.com/w/cpp/algorithm/upper_bound[upper_bound].
   */
  function upperBound(uint256[] storage array, uint256 element) internal view returns (uint256) {
    uint256 low = 0;
    uint256 high = array.length;

    if (high == 0) {
      return 0;
    }

    while (low < high) {
      uint256 mid = Math.average(low, high);

      // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
      // because Math.average rounds towards zero (it does integer division with truncation).
      if (unsafeAccess(array, mid).value > element) {
        high = mid;
      } else {
        // this cannot overflow because mid < high
        unchecked {
          low = mid + 1;
        }
      }
    }

    return low;
  }

  /**
   * @dev Same as {lowerBound}, but with an array in memory.
   */
  function lowerBoundMemory(
    uint256[] memory array,
    uint256 element
  ) internal pure returns (uint256) {
    uint256 low = 0;
    uint256 high = array.length;

    if (high == 0) {
      return 0;
    }

    while (low < high) {
      uint256 mid = Math.average(low, high);

      // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
      // because Math.average rounds towards zero (it does integer division with truncation).
      if (unsafeMemoryAccess(array, mid) < element) {
        // this cannot overflow because mid < high
        unchecked {
          low = mid + 1;
        }
      } else {
        high = mid;
      }
    }

    return low;
  }

  /**
   * @dev Same as {upperBound}, but with an array in memory.
   */
  function upperBoundMemory(
    uint256[] memory array,
    uint256 element
  ) internal pure returns (uint256) {
    uint256 low = 0;
    uint256 high = array.length;

    if (high == 0) {
      return 0;
    }

    while (low < high) {
      uint256 mid = Math.average(low, high);

      // Note that mid will always be strictly less than high (i.e. it will be a valid array index)
      // because Math.average rounds towards zero (it does integer division with truncation).
      if (unsafeMemoryAccess(array, mid) > element) {
        high = mid;
      } else {
        // this cannot overflow because mid < high
        unchecked {
          low = mid + 1;
        }
      }
    }

    return low;
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeAccess(
    address[] storage arr,
    uint256 pos
  ) internal pure returns (StorageSlot.AddressSlot storage) {
    bytes32 slot;
    assembly ('memory-safe') {
      slot := arr.slot
    }
    return slot.deriveArray().offset(pos).getAddressSlot();
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeAccess(
    bytes32[] storage arr,
    uint256 pos
  ) internal pure returns (StorageSlot.Bytes32Slot storage) {
    bytes32 slot;
    assembly ('memory-safe') {
      slot := arr.slot
    }
    return slot.deriveArray().offset(pos).getBytes32Slot();
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeAccess(
    uint256[] storage arr,
    uint256 pos
  ) internal pure returns (StorageSlot.Uint256Slot storage) {
    bytes32 slot;
    assembly ('memory-safe') {
      slot := arr.slot
    }
    return slot.deriveArray().offset(pos).getUint256Slot();
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeAccess(
    bytes[] storage arr,
    uint256 pos
  ) internal pure returns (StorageSlot.BytesSlot storage) {
    bytes32 slot;
    assembly ('memory-safe') {
      slot := arr.slot
    }
    return slot.deriveArray().offset(pos).getBytesSlot();
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeAccess(
    string[] storage arr,
    uint256 pos
  ) internal pure returns (StorageSlot.StringSlot storage) {
    bytes32 slot;
    assembly ('memory-safe') {
      slot := arr.slot
    }
    return slot.deriveArray().offset(pos).getStringSlot();
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeMemoryAccess(
    address[] memory arr,
    uint256 pos
  ) internal pure returns (address res) {
    assembly {
      res := mload(add(add(arr, 0x20), mul(pos, 0x20)))
    }
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeMemoryAccess(
    bytes32[] memory arr,
    uint256 pos
  ) internal pure returns (bytes32 res) {
    assembly {
      res := mload(add(add(arr, 0x20), mul(pos, 0x20)))
    }
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeMemoryAccess(
    uint256[] memory arr,
    uint256 pos
  ) internal pure returns (uint256 res) {
    assembly {
      res := mload(add(add(arr, 0x20), mul(pos, 0x20)))
    }
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeMemoryAccess(
    bytes[] memory arr,
    uint256 pos
  ) internal pure returns (bytes memory res) {
    assembly {
      res := mload(add(add(arr, 0x20), mul(pos, 0x20)))
    }
  }

  /**
   * @dev Access an array in an "unsafe" way. Skips solidity "index-out-of-range" check.
   *
   * WARNING: Only use if you are certain `pos` is lower than the array length.
   */
  function unsafeMemoryAccess(
    string[] memory arr,
    uint256 pos
  ) internal pure returns (string memory res) {
    assembly {
      res := mload(add(add(arr, 0x20), mul(pos, 0x20)))
    }
  }

  /**
   * @dev Helper to set the length of a dynamic array. Directly writing to `.length` is forbidden.
   *
   * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased.
   */
  function unsafeSetLength(address[] storage array, uint256 len) internal {
    assembly ('memory-safe') {
      sstore(array.slot, len)
    }
  }

  /**
   * @dev Helper to set the length of a dynamic array. Directly writing to `.length` is forbidden.
   *
   * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased.
   */
  function unsafeSetLength(bytes32[] storage array, uint256 len) internal {
    assembly ('memory-safe') {
      sstore(array.slot, len)
    }
  }

  /**
   * @dev Helper to set the length of a dynamic array. Directly writing to `.length` is forbidden.
   *
   * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased.
   */
  function unsafeSetLength(uint256[] storage array, uint256 len) internal {
    assembly ('memory-safe') {
      sstore(array.slot, len)
    }
  }

  /**
   * @dev Helper to set the length of a dynamic array. Directly writing to `.length` is forbidden.
   *
   * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased.
   */
  function unsafeSetLength(bytes[] storage array, uint256 len) internal {
    assembly ('memory-safe') {
      sstore(array.slot, len)
    }
  }

  /**
   * @dev Helper to set the length of a dynamic array. Directly writing to `.length` is forbidden.
   *
   * WARNING: this does not clear elements if length is reduced, of initialize elements if length is increased.
   */
  function unsafeSetLength(string[] storage array, uint256 len) internal {
    assembly ('memory-safe') {
      sstore(array.slot, len)
    }
  }
}

90% src/dependencies/openzeppelin/AuthorityUtils.sol

Lines covered: 10 / 11 (90%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (access/manager/AuthorityUtils.sol)

pragma solidity ^0.8.20;

import {IAuthority} from './IAuthority.sol';

library AuthorityUtils {
  /**
   * @dev Since `AccessManager` implements an extended IAuthority interface, invoking `canCall` with backwards compatibility
   * for the preexisting `IAuthority` interface requires special care to avoid reverting on insufficient return data.
   * This helper function takes care of invoking `canCall` in a backwards compatible way without reverting.
   */
  function canCallWithDelay(
    address authority,
    address caller,
    address target,
    bytes4 selector
  ) internal view returns (bool immediate, uint32 delay) {
    bytes memory data = abi.encodeCall(IAuthority.canCall, (caller, target, selector));

    assembly ('memory-safe') {
      mstore(0x00, 0x00)
      mstore(0x20, 0x00)

      if staticcall(gas(), authority, add(data, 0x20), mload(data), 0x00, 0x40) {
        immediate := mload(0x00)
        delay := mload(0x20)

        // If delay does not fit in a uint32, return 0 (no delay)
        // equivalent to: if gt(delay, 0xFFFFFFFF) { delay := 0 }
        delay := mul(delay, iszero(shr(32, delay)))
      }
    }
  }
}

0% src/dependencies/openzeppelin/Bytes.sol

Lines covered: 0 / 1 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/Bytes.sol)

pragma solidity ^0.8.24;

import {Math} from './Math.sol';

/**
 * @dev Bytes operations.
 */
library Bytes {
  /**
   * @dev Forward search for `s` in `buffer`
   * * If `s` is present in the buffer, returns the index of the first instance
   * * If `s` is not present in the buffer, returns type(uint256).max
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]
   */
  function indexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {
    return indexOf(buffer, s, 0);
  }

  /**
   * @dev Forward search for `s` in `buffer` starting at position `pos`
   * * If `s` is present in the buffer (at or after `pos`), returns the index of the next instance
   * * If `s` is not present in the buffer (at or after `pos`), returns type(uint256).max
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]
   */
  function indexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
    uint256 length = buffer.length;
    for (uint256 i = pos; i < length; ++i) {
      if (bytes1(_unsafeReadBytesOffset(buffer, i)) == s) {
        return i;
      }
    }
    return type(uint256).max;
  }

  /**
   * @dev Backward search for `s` in `buffer`
   * * If `s` is present in the buffer, returns the index of the last instance
   * * If `s` is not present in the buffer, returns type(uint256).max
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]
   */
  function lastIndexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {
    return lastIndexOf(buffer, s, type(uint256).max);
  }

  /**
   * @dev Backward search for `s` in `buffer` starting at position `pos`
   * * If `s` is present in the buffer (at or before `pos`), returns the index of the previous instance
   * * If `s` is not present in the buffer (at or before `pos`), returns type(uint256).max
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]
   */
  function lastIndexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
    unchecked {
      uint256 length = buffer.length;
      for (uint256 i = Math.min(Math.saturatingAdd(pos, 1), length); i > 0; --i) {
        if (bytes1(_unsafeReadBytesOffset(buffer, i - 1)) == s) {
          return i - 1;
        }
      }
      return type(uint256).max;
    }
  }

  /**
   * @dev Copies the content of `buffer`, from `start` (included) to the end of `buffer` into a new bytes object in
   * memory.
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]
   */
  function slice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {
    return slice(buffer, start, buffer.length);
  }

  /**
   * @dev Copies the content of `buffer`, from `start` (included) to `end` (excluded) into a new bytes object in
   * memory.
   *
   * NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]
   */
  function slice(
    bytes memory buffer,
    uint256 start,
    uint256 end
  ) internal pure returns (bytes memory) {
    // sanitize
    uint256 length = buffer.length;
    end = Math.min(end, length);
    start = Math.min(start, end);

    // allocate and copy
    bytes memory result = new bytes(end - start);
    assembly ('memory-safe') {
      mcopy(add(result, 0x20), add(add(buffer, 0x20), start), sub(end, start))
    }

    return result;
  }

  /**
   * @dev Reads a bytes32 from a bytes array without bounds checking.
   *
   * NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the
   * assembly block as such would prevent some optimizations.
   */
  function _unsafeReadBytesOffset(
    bytes memory buffer,
    uint256 offset
  ) private pure returns (bytes32 value) {
    // This is not memory safe in the general case, but all calls to this private function are within bounds.
    assembly ('memory-safe') {
      value := mload(add(add(buffer, 0x20), offset))
    }
  }
}

0% src/dependencies/openzeppelin/Comparators.sol

Lines covered: 0 / 1 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Comparators.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides a set of functions to compare values.
 *
 * _Available since v5.1._
 */
library Comparators {
  function lt(uint256 a, uint256 b) internal pure returns (bool) {
    return a < b;
  }

  function gt(uint256 a, uint256 b) internal pure returns (bool) {
    return a > b;
  }
}

100% src/dependencies/openzeppelin/Context.sol

Lines covered: 3 / 3 (100%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
  function _msgSender() internal view virtual returns (address) {
    return msg.sender;
  }

  function _msgData() internal view virtual returns (bytes calldata) {
    return msg.data;
  }

  function _contextSuffixLength() internal view virtual returns (uint256) {
    return 0;
  }
}

11% src/dependencies/openzeppelin/ECDSA.sol

Lines covered: 2 / 18 (11%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
  enum RecoverError {
    NoError,
    InvalidSignature,
    InvalidSignatureLength,
    InvalidSignatureS
  }

  /**
   * @dev The signature derives the `address(0)`.
   */
  error ECDSAInvalidSignature();

  /**
   * @dev The signature has an invalid length.
   */
  error ECDSAInvalidSignatureLength(uint256 length);

  /**
   * @dev The signature has an S value that is in the upper half order.
   */
  error ECDSAInvalidSignatureS(bytes32 s);

  /**
   * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
   * return address(0) without also returning an error description. Errors are documented using an enum (error type)
   * and a bytes32 providing additional information about the error.
   *
   * If no error is returned, then the address can be used for verification purposes.
   *
   * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
   * this function rejects them by requiring the `s` value to be in the lower
   * half order, and the `v` value to be either 27 or 28.
   *
   * IMPORTANT: `hash` _must_ be the result of a hash operation for the
   * verification to be secure: it is possible to craft signatures that
   * recover to arbitrary addresses for non-hashed data. A safe way to ensure
   * this is by receiving a hash of the original message (which may otherwise
   * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
   *
   * Documentation for signature generation:
   * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
   * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
   */
  function tryRecover(
    bytes32 hash,
    bytes memory signature
  ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
    if (signature.length == 65) {
      bytes32 r;
      bytes32 s;
      uint8 v;
      // ecrecover takes the signature parameters, and the only way to get them
      // currently is to use assembly.
      assembly ('memory-safe') {
        r := mload(add(signature, 0x20))
        s := mload(add(signature, 0x40))
        v := byte(0, mload(add(signature, 0x60)))
      }
      return tryRecover(hash, v, r, s);
    } else {
      return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
    }
  }

  /**
   * @dev Returns the address that signed a hashed message (`hash`) with
   * `signature`. This address can then be used for verification purposes.
   *
   * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
   * this function rejects them by requiring the `s` value to be in the lower
   * half order, and the `v` value to be either 27 or 28.
   *
   * IMPORTANT: `hash` _must_ be the result of a hash operation for the
   * verification to be secure: it is possible to craft signatures that
   * recover to arbitrary addresses for non-hashed data. A safe way to ensure
   * this is by receiving a hash of the original message (which may otherwise
   * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
   */
  function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
    (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
    _throwError(error, errorArg);
    return recovered;
  }

  /**
   * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
   *
   * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
   */
  function tryRecover(
    bytes32 hash,
    bytes32 r,
    bytes32 vs
  ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
    unchecked {
      bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
      // We do not check for an overflow here since the shift operation results in 0 or 1.
      uint8 v = uint8((uint256(vs) >> 255) + 27);
      return tryRecover(hash, v, r, s);
    }
  }

  /**
   * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
   */
  function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
    (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
    _throwError(error, errorArg);
    return recovered;
  }

  /**
   * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
   * `r` and `s` signature fields separately.
   */
  function tryRecover(
    bytes32 hash,
    uint8 v,
    bytes32 r,
    bytes32 s
  ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
    // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
    // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
    // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
    // signatures from current libraries generate a unique signature with an s-value in the lower half order.
    //
    // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
    // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
    // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
    // these malleable signatures as well.
    if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
      return (address(0), RecoverError.InvalidSignatureS, s);
    }

    // If the signature is valid (and not malleable), return the signer address
    address signer = ecrecover(hash, v, r, s);
    if (signer == address(0)) {
      return (address(0), RecoverError.InvalidSignature, bytes32(0));
    }

    return (signer, RecoverError.NoError, bytes32(0));
  }

  /**
   * @dev Overload of {ECDSA-recover} that receives the `v`,
   * `r` and `s` signature fields separately.
   */
  function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
    (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
    _throwError(error, errorArg);
    return recovered;
  }

  /**
   * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
   */
  function _throwError(RecoverError error, bytes32 errorArg) private pure {
    if (error == RecoverError.NoError) {
      return; // no error: do nothing
    } else if (error == RecoverError.InvalidSignature) {
      revert ECDSAInvalidSignature();
    } else if (error == RecoverError.InvalidSignatureLength) {
      revert ECDSAInvalidSignatureLength(uint256(errorArg));
    } else if (error == RecoverError.InvalidSignatureS) {
      revert ECDSAInvalidSignatureS(errorArg);
    }
  }
}

0% src/dependencies/openzeppelin/ERC1967Proxy.sol

Lines covered: 0 / 5 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Proxy.sol)

pragma solidity ^0.8.22;

import {Proxy} from './Proxy.sol';
import {ERC1967Utils} from './ERC1967Utils.sol';

/**
 * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
 * implementation address that can be changed. This address is stored in storage in the location specified by
 * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the
 * implementation behind the proxy.
 */
contract ERC1967Proxy is Proxy {
  /**
   * @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
   *
   * If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
   * encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
   *
   * Requirements:
   *
   * - If `data` is empty, `msg.value` must be zero.
   */
  constructor(address implementation, bytes memory _data) payable {
    ERC1967Utils.upgradeToAndCall(implementation, _data);
  }

  /**
   * @dev Returns the current implementation address.
   *
   * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
   * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
   * `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
   */
  function _implementation() internal view virtual override returns (address) {
    return ERC1967Utils.getImplementation();
  }
}

0% src/dependencies/openzeppelin/ERC1967Utils.sol

Lines covered: 0 / 26 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (proxy/ERC1967/ERC1967Utils.sol)

pragma solidity ^0.8.21;

import {IBeacon} from './IBeacon.sol';
import {IERC1967} from './IERC1967.sol';
import {Address} from './Address.sol';
import {StorageSlot} from './StorageSlot.sol';

/**
 * @dev This library provides getters and event emitting update functions for
 * https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots.
 */
library ERC1967Utils {
  /**
   * @dev Storage slot with the address of the current implementation.
   * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
   */
  // solhint-disable-next-line private-vars-leading-underscore
  bytes32 internal constant IMPLEMENTATION_SLOT =
    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

  /**
   * @dev The `implementation` of the proxy is invalid.
   */
  error ERC1967InvalidImplementation(address implementation);

  /**
   * @dev The `admin` of the proxy is invalid.
   */
  error ERC1967InvalidAdmin(address admin);

  /**
   * @dev The `beacon` of the proxy is invalid.
   */
  error ERC1967InvalidBeacon(address beacon);

  /**
   * @dev An upgrade function sees `msg.value > 0` that may be lost.
   */
  error ERC1967NonPayable();

  /**
   * @dev Returns the current implementation address.
   */
  function getImplementation() internal view returns (address) {
    return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
  }

  /**
   * @dev Stores a new address in the ERC-1967 implementation slot.
   */
  function _setImplementation(address newImplementation) private {
    if (newImplementation.code.length == 0) {
      revert ERC1967InvalidImplementation(newImplementation);
    }
    StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
  }

  /**
   * @dev Performs implementation upgrade with additional setup call if data is nonempty.
   * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
   * to avoid stuck value in the contract.
   *
   * Emits an {IERC1967-Upgraded} event.
   */
  function upgradeToAndCall(address newImplementation, bytes memory data) internal {
    _setImplementation(newImplementation);
    emit IERC1967.Upgraded(newImplementation);

    if (data.length > 0) {
      Address.functionDelegateCall(newImplementation, data);
    } else {
      _checkNonPayable();
    }
  }

  /**
   * @dev Storage slot with the admin of the contract.
   * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
   */
  // solhint-disable-next-line private-vars-leading-underscore
  bytes32 internal constant ADMIN_SLOT =
    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

  /**
   * @dev Returns the current admin.
   *
   * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
   * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
   * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
   */
  function getAdmin() internal view returns (address) {
    return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
  }

  /**
   * @dev Stores a new address in the ERC-1967 admin slot.
   */
  function _setAdmin(address newAdmin) private {
    if (newAdmin == address(0)) {
      revert ERC1967InvalidAdmin(address(0));
    }
    StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
  }

  /**
   * @dev Changes the admin of the proxy.
   *
   * Emits an {IERC1967-AdminChanged} event.
   */
  function changeAdmin(address newAdmin) internal {
    emit IERC1967.AdminChanged(getAdmin(), newAdmin);
    _setAdmin(newAdmin);
  }

  /**
   * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
   * This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
   */
  // solhint-disable-next-line private-vars-leading-underscore
  bytes32 internal constant BEACON_SLOT =
    0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;

  /**
   * @dev Returns the current beacon.
   */
  function getBeacon() internal view returns (address) {
    return StorageSlot.getAddressSlot(BEACON_SLOT).value;
  }

  /**
   * @dev Stores a new beacon in the ERC-1967 beacon slot.
   */
  function _setBeacon(address newBeacon) private {
    if (newBeacon.code.length == 0) {
      revert ERC1967InvalidBeacon(newBeacon);
    }

    StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;

    address beaconImplementation = IBeacon(newBeacon).implementation();
    if (beaconImplementation.code.length == 0) {
      revert ERC1967InvalidImplementation(beaconImplementation);
    }
  }

  /**
   * @dev Change the beacon and trigger a setup call if data is nonempty.
   * This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
   * to avoid stuck value in the contract.
   *
   * Emits an {IERC1967-BeaconUpgraded} event.
   *
   * CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
   * it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
   * efficiency.
   */
  function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
    _setBeacon(newBeacon);
    emit IERC1967.BeaconUpgraded(newBeacon);

    if (data.length > 0) {
      Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
    } else {
      _checkNonPayable();
    }
  }

  /**
   * @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
   * if an upgrade doesn't perform an initialization call.
   */
  function _checkNonPayable() private {
    if (msg.value > 0) {
      revert ERC1967NonPayable();
    }
  }
}

64% src/dependencies/openzeppelin/ERC20.sol

Lines covered: 42 / 65 (64%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from './IERC20.sol';
import {IERC20Metadata} from './IERC20Metadata.sol';
import {Context} from './Context.sol';
import {IERC20Errors} from './IERC20Errors.sol';

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC-20
 * applications.
 */
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
  mapping(address account => uint256) private _balances;

  mapping(address account => mapping(address spender => uint256)) private _allowances;

  uint256 private _totalSupply;

  string private _name;
  string private _symbol;

  /**
   * @dev Sets the values for {name} and {symbol}.
   *
   * Both values are immutable: they can only be set once during construction.
   */
  constructor(string memory name_, string memory symbol_) {
    _name = name_;
    _symbol = symbol_;
  }

  /**
   * @dev Returns the name of the token.
   */
  function name() public view virtual returns (string memory) {
    return _name;
  }

  /**
   * @dev Returns the symbol of the token, usually a shorter version of the
   * name.
   */
  function symbol() public view virtual returns (string memory) {
    return _symbol;
  }

  /**
   * @dev Returns the number of decimals used to get its user representation.
   * For example, if `decimals` equals `2`, a balance of `505` tokens should
   * be displayed to a user as `5.05` (`505 / 10 ** 2`).
   *
   * Tokens usually opt for a value of 18, imitating the relationship between
   * Ether and Wei. This is the default value returned by this function, unless
   * it's overridden.
   *
   * NOTE: This information is only used for _display_ purposes: it in
   * no way affects any of the arithmetic of the contract, including
   * {IERC20-balanceOf} and {IERC20-transfer}.
   */
  function decimals() public view virtual returns (uint8) {
    return 18;
  }

  /// @inheritdoc IERC20
  function totalSupply() public view virtual returns (uint256) {
    return _totalSupply;
  }

  /// @inheritdoc IERC20
  function balanceOf(address account) public view virtual returns (uint256) {
    return _balances[account];
  }

  /**
   * @dev See {IERC20-transfer}.
   *
   * Requirements:
   *
   * - `to` cannot be the zero address.
   * - the caller must have a balance of at least `value`.
   */
  function transfer(address to, uint256 value) public virtual returns (bool) {
    address owner = _msgSender();
    _transfer(owner, to, value);
    return true;
  }

  /// @inheritdoc IERC20
  function allowance(address owner, address spender) public view virtual returns (uint256) {
    return _allowances[owner][spender];
  }

  /**
   * @dev See {IERC20-approve}.
   *
   * NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
   * `transferFrom`. This is semantically equivalent to an infinite approval.
   *
   * Requirements:
   *
   * - `spender` cannot be the zero address.
   */
  function approve(address spender, uint256 value) public virtual returns (bool) {
    address owner = _msgSender();
    _approve(owner, spender, value);
    return true;
  }

  /**
   * @dev See {IERC20-transferFrom}.
   *
   * Skips emitting an {Approval} event indicating an allowance update. This is not
   * required by the ERC. See {xref-ERC20-_approve-address-address-uint256-bool-}[_approve].
   *
   * NOTE: Does not update the allowance if the current allowance
   * is the maximum `uint256`.
   *
   * Requirements:
   *
   * - `from` and `to` cannot be the zero address.
   * - `from` must have a balance of at least `value`.
   * - the caller must have allowance for ``from``'s tokens of at least
   * `value`.
   */
  function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
    address spender = _msgSender();
    _spendAllowance(from, spender, value);
    _transfer(from, to, value);
    return true;
  }

  /**
   * @dev Moves a `value` amount of tokens from `from` to `to`.
   *
   * This internal function is equivalent to {transfer}, and can be used to
   * e.g. implement automatic token fees, slashing mechanisms, etc.
   *
   * Emits a {Transfer} event.
   *
   * NOTE: This function is not virtual, {_update} should be overridden instead.
   */
  function _transfer(address from, address to, uint256 value) internal {
    if (from == address(0)) {
      revert ERC20InvalidSender(address(0));
    }
    if (to == address(0)) {
      revert ERC20InvalidReceiver(address(0));
    }
    _update(from, to, value);
  }

  /**
   * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
   * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
   * this function.
   *
   * Emits a {Transfer} event.
   */
  function _update(address from, address to, uint256 value) internal virtual {
    if (from == address(0)) {
      // Overflow check required: The rest of the code assumes that totalSupply never overflows
      _totalSupply += value;
    } else {
      uint256 fromBalance = _balances[from];
      if (fromBalance < value) {
        revert ERC20InsufficientBalance(from, fromBalance, value);
      }
      unchecked {
        // Overflow not possible: value <= fromBalance <= totalSupply.
        _balances[from] = fromBalance - value;
      }
    }

    if (to == address(0)) {
      unchecked {
        // Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
        _totalSupply -= value;
      }
    } else {
      unchecked {
        // Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
        _balances[to] += value;
      }
    }

    emit Transfer(from, to, value);
  }

  /**
   * @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
   * Relies on the `_update` mechanism
   *
   * Emits a {Transfer} event with `from` set to the zero address.
   *
   * NOTE: This function is not virtual, {_update} should be overridden instead.
   */
  function _mint(address account, uint256 value) internal {
    if (account == address(0)) {
      revert ERC20InvalidReceiver(address(0));
    }
    _update(address(0), account, value);
  }

  /**
   * @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
   * Relies on the `_update` mechanism.
   *
   * Emits a {Transfer} event with `to` set to the zero address.
   *
   * NOTE: This function is not virtual, {_update} should be overridden instead
   */
  function _burn(address account, uint256 value) internal {
    if (account == address(0)) {
      revert ERC20InvalidSender(address(0));
    }
    _update(account, address(0), value);
  }

  /**
   * @dev Sets `value` as the allowance of `spender` over the `owner`'s tokens.
   *
   * This internal function is equivalent to `approve`, and can be used to
   * e.g. set automatic allowances for certain subsystems, etc.
   *
   * Emits an {Approval} event.
   *
   * Requirements:
   *
   * - `owner` cannot be the zero address.
   * - `spender` cannot be the zero address.
   *
   * Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
   */
  function _approve(address owner, address spender, uint256 value) internal {
    _approve(owner, spender, value, true);
  }

  /**
   * @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
   *
   * By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
   * `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
   * `Approval` event during `transferFrom` operations.
   *
   * Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
   * true using the following override:
   *
   * ```solidity
   * function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
   *     super._approve(owner, spender, value, true);
   * }
   * ```
   *
   * Requirements are the same as {_approve}.
   */
  function _approve(
    address owner,
    address spender,
    uint256 value,
    bool emitEvent
  ) internal virtual {
    if (owner == address(0)) {
      revert ERC20InvalidApprover(address(0));
    }
    if (spender == address(0)) {
      revert ERC20InvalidSpender(address(0));
    }
    _allowances[owner][spender] = value;
    if (emitEvent) {
      emit Approval(owner, spender, value);
    }
  }

  /**
   * @dev Updates `owner`'s allowance for `spender` based on spent `value`.
   *
   * Does not update the allowance value in case of infinite allowance.
   * Revert if not enough allowance is available.
   *
   * Does not emit an {Approval} event.
   */
  function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
    uint256 currentAllowance = allowance(owner, spender);
    if (currentAllowance < type(uint256).max) {
      if (currentAllowance < value) {
        revert ERC20InsufficientAllowance(spender, currentAllowance, value);
      }
      unchecked {
        _approve(owner, spender, currentAllowance - value, false);
      }
    }
  }
}

34% src/dependencies/openzeppelin/EnumerableSet.sol

Lines covered: 19 / 55 (34%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/structs/EnumerableSet.sol)
// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.

pragma solidity ^0.8.20;

import {Arrays} from './Arrays.sol';
import {Math} from './Math.sol';

/**
 * @dev Library for managing
 * https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
 * types.
 *
 * Sets have the following properties:
 *
 * - Elements are added, removed, and checked for existence in constant time
 * (O(1)).
 * - Elements are enumerated in O(n). No guarantees are made on the ordering.
 * - Set can be cleared (all elements removed) in O(n).
 *
 * ```solidity
 * contract Example {
 *     // Add the library methods
 *     using EnumerableSet for EnumerableSet.AddressSet;
 *
 *     // Declare a set state variable
 *     EnumerableSet.AddressSet private mySet;
 * }
 * ```
 *
 * The following types are supported:
 *
 * - `bytes32` (`Bytes32Set`) since v3.3.0
 * - `address` (`AddressSet`) since v3.3.0
 * - `uint256` (`UintSet`) since v3.3.0
 * - `string` (`StringSet`) since v5.4.0
 * - `bytes` (`BytesSet`) since v5.4.0
 *
 * [WARNING]
 * ====
 * Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
 * unusable.
 * See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
 *
 * In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
 * array of EnumerableSet.
 * ====
 */
library EnumerableSet {
  // To implement this library for multiple types with as little code
  // repetition as possible, we write it in terms of a generic Set type with
  // bytes32 values.
  // The Set implementation uses private functions, and user-facing
  // implementations (such as AddressSet) are just wrappers around the
  // underlying Set.
  // This means that we can only create new EnumerableSets for types that fit
  // in bytes32.

  struct Set {
    // Storage of set values
    bytes32[] _values;
    // Position is the index of the value in the `values` array plus 1.
    // Position 0 is used to mean a value is not in the set.
    mapping(bytes32 value => uint256) _positions;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function _add(Set storage set, bytes32 value) private returns (bool) {
    if (!_contains(set, value)) {
      set._values.push(value);
      // The value is stored at length-1, but we add 1 to all indexes
      // and use 0 as a sentinel value
      set._positions[value] = set._values.length;
      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function _remove(Set storage set, bytes32 value) private returns (bool) {
    // We cache the value's position to prevent multiple reads from the same storage slot
    uint256 position = set._positions[value];

    if (position != 0) {
      // Equivalent to contains(set, value)
      // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
      // the array, and then remove the last element (sometimes called as 'swap and pop').
      // This modifies the order of the array, as noted in {at}.

      uint256 valueIndex = position - 1;
      uint256 lastIndex = set._values.length - 1;

      if (valueIndex != lastIndex) {
        bytes32 lastValue = set._values[lastIndex];

        // Move the lastValue to the index where the value to delete is
        set._values[valueIndex] = lastValue;
        // Update the tracked position of the lastValue (that was just moved)
        set._positions[lastValue] = position;
      }

      // Delete the slot where the moved value was stored
      set._values.pop();

      // Delete the tracked position for the deleted slot
      delete set._positions[value];

      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: This function has an unbounded cost that scales with set size. Developers should keep in mind that
   * using it may render the function uncallable if the set grows to the point where clearing it consumes too much
   * gas to fit in a block.
   */
  function _clear(Set storage set) private {
    uint256 len = _length(set);
    for (uint256 i = 0; i < len; ++i) {
      delete set._positions[set._values[i]];
    }
    Arrays.unsafeSetLength(set._values, 0);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function _contains(Set storage set, bytes32 value) private view returns (bool) {
    return set._positions[value] != 0;
  }

  /**
   * @dev Returns the number of values on the set. O(1).
   */
  function _length(Set storage set) private view returns (uint256) {
    return set._values.length;
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function _at(Set storage set, uint256 index) private view returns (bytes32) {
    return set._values[index];
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function _values(Set storage set) private view returns (bytes32[] memory) {
    return set._values;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function _values(
    Set storage set,
    uint256 start,
    uint256 end
  ) private view returns (bytes32[] memory) {
    unchecked {
      end = Math.min(end, _length(set));
      start = Math.min(start, end);

      uint256 len = end - start;
      bytes32[] memory result = new bytes32[](len);
      for (uint256 i = 0; i < len; ++i) {
        result[i] = Arrays.unsafeAccess(set._values, start + i).value;
      }
      return result;
    }
  }

  // Bytes32Set

  struct Bytes32Set {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
    return _add(set._inner, value);
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
    return _remove(set._inner, value);
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: Developers should keep in mind that this function has an unbounded cost and using it may render the
   * function uncallable if the set grows to the point where clearing it consumes too much gas to fit in a block.
   */
  function clear(Bytes32Set storage set) internal {
    _clear(set._inner);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
    return _contains(set._inner, value);
  }

  /**
   * @dev Returns the number of values in the set. O(1).
   */
  function length(Bytes32Set storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
    return _at(set._inner, index);
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
    bytes32[] memory store = _values(set._inner);
    bytes32[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(
    Bytes32Set storage set,
    uint256 start,
    uint256 end
  ) internal view returns (bytes32[] memory) {
    bytes32[] memory store = _values(set._inner, start, end);
    bytes32[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  // AddressSet

  struct AddressSet {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(AddressSet storage set, address value) internal returns (bool) {
    return _add(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(AddressSet storage set, address value) internal returns (bool) {
    return _remove(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: Developers should keep in mind that this function has an unbounded cost and using it may render the
   * function uncallable if the set grows to the point where clearing it consumes too much gas to fit in a block.
   */
  function clear(AddressSet storage set) internal {
    _clear(set._inner);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(AddressSet storage set, address value) internal view returns (bool) {
    return _contains(set._inner, bytes32(uint256(uint160(value))));
  }

  /**
   * @dev Returns the number of values in the set. O(1).
   */
  function length(AddressSet storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(AddressSet storage set, uint256 index) internal view returns (address) {
    return address(uint160(uint256(_at(set._inner, index))));
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(AddressSet storage set) internal view returns (address[] memory) {
    bytes32[] memory store = _values(set._inner);
    address[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(
    AddressSet storage set,
    uint256 start,
    uint256 end
  ) internal view returns (address[] memory) {
    bytes32[] memory store = _values(set._inner, start, end);
    address[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  // UintSet

  struct UintSet {
    Set _inner;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(UintSet storage set, uint256 value) internal returns (bool) {
    return _add(set._inner, bytes32(value));
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(UintSet storage set, uint256 value) internal returns (bool) {
    return _remove(set._inner, bytes32(value));
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: Developers should keep in mind that this function has an unbounded cost and using it may render the
   * function uncallable if the set grows to the point where clearing it consumes too much gas to fit in a block.
   */
  function clear(UintSet storage set) internal {
    _clear(set._inner);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(UintSet storage set, uint256 value) internal view returns (bool) {
    return _contains(set._inner, bytes32(value));
  }

  /**
   * @dev Returns the number of values in the set. O(1).
   */
  function length(UintSet storage set) internal view returns (uint256) {
    return _length(set._inner);
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(UintSet storage set, uint256 index) internal view returns (uint256) {
    return uint256(_at(set._inner, index));
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(UintSet storage set) internal view returns (uint256[] memory) {
    bytes32[] memory store = _values(set._inner);
    uint256[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(
    UintSet storage set,
    uint256 start,
    uint256 end
  ) internal view returns (uint256[] memory) {
    bytes32[] memory store = _values(set._inner, start, end);
    uint256[] memory result;

    assembly ('memory-safe') {
      result := store
    }

    return result;
  }

  struct StringSet {
    // Storage of set values
    string[] _values;
    // Position is the index of the value in the `values` array plus 1.
    // Position 0 is used to mean a value is not in the set.
    mapping(string value => uint256) _positions;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(StringSet storage set, string memory value) internal returns (bool) {
    if (!contains(set, value)) {
      set._values.push(value);
      // The value is stored at length-1, but we add 1 to all indexes
      // and use 0 as a sentinel value
      set._positions[value] = set._values.length;
      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(StringSet storage set, string memory value) internal returns (bool) {
    // We cache the value's position to prevent multiple reads from the same storage slot
    uint256 position = set._positions[value];

    if (position != 0) {
      // Equivalent to contains(set, value)
      // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
      // the array, and then remove the last element (sometimes called as 'swap and pop').
      // This modifies the order of the array, as noted in {at}.

      uint256 valueIndex = position - 1;
      uint256 lastIndex = set._values.length - 1;

      if (valueIndex != lastIndex) {
        string memory lastValue = set._values[lastIndex];

        // Move the lastValue to the index where the value to delete is
        set._values[valueIndex] = lastValue;
        // Update the tracked position of the lastValue (that was just moved)
        set._positions[lastValue] = position;
      }

      // Delete the slot where the moved value was stored
      set._values.pop();

      // Delete the tracked position for the deleted slot
      delete set._positions[value];

      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: Developers should keep in mind that this function has an unbounded cost and using it may render the
   * function uncallable if the set grows to the point where clearing it consumes too much gas to fit in a block.
   */
  function clear(StringSet storage set) internal {
    uint256 len = length(set);
    for (uint256 i = 0; i < len; ++i) {
      delete set._positions[set._values[i]];
    }
    Arrays.unsafeSetLength(set._values, 0);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(StringSet storage set, string memory value) internal view returns (bool) {
    return set._positions[value] != 0;
  }

  /**
   * @dev Returns the number of values on the set. O(1).
   */
  function length(StringSet storage set) internal view returns (uint256) {
    return set._values.length;
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(StringSet storage set, uint256 index) internal view returns (string memory) {
    return set._values[index];
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(StringSet storage set) internal view returns (string[] memory) {
    return set._values;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(
    StringSet storage set,
    uint256 start,
    uint256 end
  ) internal view returns (string[] memory) {
    unchecked {
      end = Math.min(end, length(set));
      start = Math.min(start, end);

      uint256 len = end - start;
      string[] memory result = new string[](len);
      for (uint256 i = 0; i < len; ++i) {
        result[i] = Arrays.unsafeAccess(set._values, start + i).value;
      }
      return result;
    }
  }

  struct BytesSet {
    // Storage of set values
    bytes[] _values;
    // Position is the index of the value in the `values` array plus 1.
    // Position 0 is used to mean a value is not in the set.
    mapping(bytes value => uint256) _positions;
  }

  /**
   * @dev Add a value to a set. O(1).
   *
   * Returns true if the value was added to the set, that is if it was not
   * already present.
   */
  function add(BytesSet storage set, bytes memory value) internal returns (bool) {
    if (!contains(set, value)) {
      set._values.push(value);
      // The value is stored at length-1, but we add 1 to all indexes
      // and use 0 as a sentinel value
      set._positions[value] = set._values.length;
      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes a value from a set. O(1).
   *
   * Returns true if the value was removed from the set, that is if it was
   * present.
   */
  function remove(BytesSet storage set, bytes memory value) internal returns (bool) {
    // We cache the value's position to prevent multiple reads from the same storage slot
    uint256 position = set._positions[value];

    if (position != 0) {
      // Equivalent to contains(set, value)
      // To delete an element from the _values array in O(1), we swap the element to delete with the last one in
      // the array, and then remove the last element (sometimes called as 'swap and pop').
      // This modifies the order of the array, as noted in {at}.

      uint256 valueIndex = position - 1;
      uint256 lastIndex = set._values.length - 1;

      if (valueIndex != lastIndex) {
        bytes memory lastValue = set._values[lastIndex];

        // Move the lastValue to the index where the value to delete is
        set._values[valueIndex] = lastValue;
        // Update the tracked position of the lastValue (that was just moved)
        set._positions[lastValue] = position;
      }

      // Delete the slot where the moved value was stored
      set._values.pop();

      // Delete the tracked position for the deleted slot
      delete set._positions[value];

      return true;
    } else {
      return false;
    }
  }

  /**
   * @dev Removes all the values from a set. O(n).
   *
   * WARNING: Developers should keep in mind that this function has an unbounded cost and using it may render the
   * function uncallable if the set grows to the point where clearing it consumes too much gas to fit in a block.
   */
  function clear(BytesSet storage set) internal {
    uint256 len = length(set);
    for (uint256 i = 0; i < len; ++i) {
      delete set._positions[set._values[i]];
    }
    Arrays.unsafeSetLength(set._values, 0);
  }

  /**
   * @dev Returns true if the value is in the set. O(1).
   */
  function contains(BytesSet storage set, bytes memory value) internal view returns (bool) {
    return set._positions[value] != 0;
  }

  /**
   * @dev Returns the number of values on the set. O(1).
   */
  function length(BytesSet storage set) internal view returns (uint256) {
    return set._values.length;
  }

  /**
   * @dev Returns the value stored at position `index` in the set. O(1).
   *
   * Note that there are no guarantees on the ordering of values inside the
   * array, and it may change when more values are added or removed.
   *
   * Requirements:
   *
   * - `index` must be strictly less than {length}.
   */
  function at(BytesSet storage set, uint256 index) internal view returns (bytes memory) {
    return set._values[index];
  }

  /**
   * @dev Return the entire set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(BytesSet storage set) internal view returns (bytes[] memory) {
    return set._values;
  }

  /**
   * @dev Return a slice of the set in an array
   *
   * WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
   * to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
   * this function has an unbounded cost, and using it as part of a state-changing function may render the function
   * uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
   */
  function values(
    BytesSet storage set,
    uint256 start,
    uint256 end
  ) internal view returns (bytes[] memory) {
    unchecked {
      end = Math.min(end, length(set));
      start = Math.min(start, end);

      uint256 len = end - start;
      bytes[] memory result = new bytes[](len);
      for (uint256 i = 0; i < len; ++i) {
        result[i] = Arrays.unsafeAccess(set._values, start + i).value;
      }
      return result;
    }
  }
}

0% src/dependencies/openzeppelin/Errors.sol

Lines covered: 0 / 1 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Errors.sol)

pragma solidity ^0.8.20;

/**
 * @dev Collection of common custom errors used in multiple contracts
 *
 * IMPORTANT: Backwards compatibility is not guaranteed in future versions of the library.
 * It is recommended to avoid relying on the error API for critical functionality.
 *
 * _Available since v5.1._
 */
library Errors {
  /**
   * @dev The ETH balance of the account is not enough to perform the operation.
   */
  error InsufficientBalance(uint256 balance, uint256 needed);

  /**
   * @dev A call to an address target failed. The target may have reverted.
   */
  error FailedCall();

  /**
   * @dev The deployment failed.
   */
  error FailedDeployment();

  /**
   * @dev A necessary precompile is missing.
   */
  error MissingPrecompile(address);
}

0% src/dependencies/openzeppelin/Math.sol

Lines covered: 0 / 42 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/math/Math.sol)

pragma solidity ^0.8.20;

import {Panic} from './Panic.sol';
import {SafeCast} from './SafeCast.sol';

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library Math {
  enum Rounding {
    Floor, // Toward negative infinity
    Ceil, // Toward positive infinity
    Trunc, // Toward zero
    Expand // Away from zero
  }

  /**
   * @dev Return the 512-bit addition of two uint256.
   *
   * The result is stored in two 256 variables such that sum = high * 2²⁵⁶ + low.
   */
  function add512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
    assembly ('memory-safe') {
      low := add(a, b)
      high := lt(low, a)
    }
  }

  /**
   * @dev Return the 512-bit multiplication of two uint256.
   *
   * The result is stored in two 256 variables such that product = high * 2²⁵⁶ + low.
   */
  function mul512(uint256 a, uint256 b) internal pure returns (uint256 high, uint256 low) {
    // 512-bit multiply [high low] = x * y. Compute the product mod 2²⁵⁶ and mod 2²⁵⁶ - 1, then use
    // the Chinese Remainder Theorem to reconstruct the 512 bit result. The result is stored in two 256
    // variables such that product = high * 2²⁵⁶ + low.
    assembly ('memory-safe') {
      let mm := mulmod(a, b, not(0))
      low := mul(a, b)
      high := sub(sub(mm, low), lt(mm, low))
    }
  }

  /**
   * @dev Returns the addition of two unsigned integers, with a success flag (no overflow).
   */
  function tryAdd(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
    unchecked {
      uint256 c = a + b;
      success = c >= a;
      result = c * SafeCast.toUint(success);
    }
  }

  /**
   * @dev Returns the subtraction of two unsigned integers, with a success flag (no overflow).
   */
  function trySub(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
    unchecked {
      uint256 c = a - b;
      success = c <= a;
      result = c * SafeCast.toUint(success);
    }
  }

  /**
   * @dev Returns the multiplication of two unsigned integers, with a success flag (no overflow).
   */
  function tryMul(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
    unchecked {
      uint256 c = a * b;
      assembly ('memory-safe') {
        // Only true when the multiplication doesn't overflow
        // (c / a == b) || (a == 0)
        success := or(eq(div(c, a), b), iszero(a))
      }
      // equivalent to: success ? c : 0
      result = c * SafeCast.toUint(success);
    }
  }

  /**
   * @dev Returns the division of two unsigned integers, with a success flag (no division by zero).
   */
  function tryDiv(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
    unchecked {
      success = b > 0;
      assembly ('memory-safe') {
        // The `DIV` opcode returns zero when the denominator is 0.
        result := div(a, b)
      }
    }
  }

  /**
   * @dev Returns the remainder of dividing two unsigned integers, with a success flag (no division by zero).
   */
  function tryMod(uint256 a, uint256 b) internal pure returns (bool success, uint256 result) {
    unchecked {
      success = b > 0;
      assembly ('memory-safe') {
        // The `MOD` opcode returns zero when the denominator is 0.
        result := mod(a, b)
      }
    }
  }

  /**
   * @dev Unsigned saturating addition, bounds to `2²⁵⁶ - 1` instead of overflowing.
   */
  function saturatingAdd(uint256 a, uint256 b) internal pure returns (uint256) {
    (bool success, uint256 result) = tryAdd(a, b);
    return ternary(success, result, type(uint256).max);
  }

  /**
   * @dev Unsigned saturating subtraction, bounds to zero instead of overflowing.
   */
  function saturatingSub(uint256 a, uint256 b) internal pure returns (uint256) {
    (, uint256 result) = trySub(a, b);
    return result;
  }

  /**
   * @dev Unsigned saturating multiplication, bounds to `2²⁵⁶ - 1` instead of overflowing.
   */
  function saturatingMul(uint256 a, uint256 b) internal pure returns (uint256) {
    (bool success, uint256 result) = tryMul(a, b);
    return ternary(success, result, type(uint256).max);
  }

  /**
   * @dev Branchless ternary evaluation for `a ? b : c`. Gas costs are constant.
   *
   * IMPORTANT: This function may reduce bytecode size and consume less gas when used standalone.
   * However, the compiler may optimize Solidity ternary operations (i.e. `a ? b : c`) to only compute
   * one branch when needed, making this function more expensive.
   */
  function ternary(bool condition, uint256 a, uint256 b) internal pure returns (uint256) {
    unchecked {
      // branchless ternary works because:
      // b ^ (a ^ b) == a
      // b ^ 0 == b
      return b ^ ((a ^ b) * SafeCast.toUint(condition));
    }
  }

  /**
   * @dev Returns the largest of two numbers.
   */
  function max(uint256 a, uint256 b) internal pure returns (uint256) {
    return ternary(a > b, a, b);
  }

  /**
   * @dev Returns the smallest of two numbers.
   */
  function min(uint256 a, uint256 b) internal pure returns (uint256) {
    return ternary(a < b, a, b);
  }

  /**
   * @dev Returns the average of two numbers. The result is rounded towards
   * zero.
   */
  function average(uint256 a, uint256 b) internal pure returns (uint256) {
    // (a + b) / 2 can overflow.
    return (a & b) + (a ^ b) / 2;
  }

  /**
   * @dev Returns the ceiling of the division of two numbers.
   *
   * This differs from standard division with `/` in that it rounds towards infinity instead
   * of rounding towards zero.
   */
  function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
    if (b == 0) {
      // Guarantee the same behavior as in a regular Solidity division.
      Panic.panic(Panic.DIVISION_BY_ZERO);
    }

    // The following calculation ensures accurate ceiling division without overflow.
    // Since a is non-zero, (a - 1) / b will not overflow.
    // The largest possible result occurs when (a - 1) / b is type(uint256).max,
    // but the largest value we can obtain is type(uint256).max - 1, which happens
    // when a = type(uint256).max and b = 1.
    unchecked {
      return SafeCast.toUint(a > 0) * ((a - 1) / b + 1);
    }
  }

  /**
   * @dev Calculates floor(x * y / denominator) with full precision. Throws if result overflows a uint256 or
   * denominator == 0.
   *
   * Original credit to Remco Bloemen under MIT license (https://xn--2-umb.com/21/muldiv) with further edits by
   * Uniswap Labs also under MIT license.
   */
  function mulDiv(
    uint256 x,
    uint256 y,
    uint256 denominator
  ) internal pure returns (uint256 result) {
    unchecked {
      (uint256 high, uint256 low) = mul512(x, y);

      // Handle non-overflow cases, 256 by 256 division.
      if (high == 0) {
        // Solidity will revert if denominator == 0, unlike the div opcode on its own.
        // The surrounding unchecked block does not change this fact.
        // See https://docs.soliditylang.org/en/latest/control-structures.html#checked-or-unchecked-arithmetic.
        return low / denominator;
      }

      // Make sure the result is less than 2²⁵⁶. Also prevents denominator == 0.
      if (denominator <= high) {
        Panic.panic(ternary(denominator == 0, Panic.DIVISION_BY_ZERO, Panic.UNDER_OVERFLOW));
      }

      ///////////////////////////////////////////////
      // 512 by 256 division.
      ///////////////////////////////////////////////

      // Make division exact by subtracting the remainder from [high low].
      uint256 remainder;
      assembly ('memory-safe') {
        // Compute remainder using mulmod.
        remainder := mulmod(x, y, denominator)

        // Subtract 256 bit number from 512 bit number.
        high := sub(high, gt(remainder, low))
        low := sub(low, remainder)
      }

      // Factor powers of two out of denominator and compute largest power of two divisor of denominator.
      // Always >= 1. See https://cs.stackexchange.com/q/138556/92363.

      uint256 twos = denominator & (0 - denominator);
      assembly ('memory-safe') {
        // Divide denominator by twos.
        denominator := div(denominator, twos)

        // Divide [high low] by twos.
        low := div(low, twos)

        // Flip twos such that it is 2²⁵⁶ / twos. If twos is zero, then it becomes one.
        twos := add(div(sub(0, twos), twos), 1)
      }

      // Shift in bits from high into low.
      low |= high * twos;

      // Invert denominator mod 2²⁵⁶. Now that denominator is an odd number, it has an inverse modulo 2²⁵⁶ such
      // that denominator * inv ≡ 1 mod 2²⁵⁶. Compute the inverse by starting with a seed that is correct for
      // four bits. That is, denominator * inv ≡ 1 mod 2⁴.
      uint256 inverse = (3 * denominator) ^ 2;

      // Use the Newton-Raphson iteration to improve the precision. Thanks to Hensel's lifting lemma, this also
      // works in modular arithmetic, doubling the correct bits in each step.
      inverse *= 2 - denominator * inverse; // inverse mod 2⁸
      inverse *= 2 - denominator * inverse; // inverse mod 2¹⁶
      inverse *= 2 - denominator * inverse; // inverse mod 2³²
      inverse *= 2 - denominator * inverse; // inverse mod 2⁶⁴
      inverse *= 2 - denominator * inverse; // inverse mod 2¹²⁸
      inverse *= 2 - denominator * inverse; // inverse mod 2²⁵⁶

      // Because the division is now exact we can divide by multiplying with the modular inverse of denominator.
      // This will give us the correct result modulo 2²⁵⁶. Since the preconditions guarantee that the outcome is
      // less than 2²⁵⁶, this is the final result. We don't need to compute the high bits of the result and high
      // is no longer required.
      result = low * inverse;
      return result;
    }
  }

  /**
   * @dev Calculates x * y / denominator with full precision, following the selected rounding direction.
   */
  function mulDiv(
    uint256 x,
    uint256 y,
    uint256 denominator,
    Rounding rounding
  ) internal pure returns (uint256) {
    return
      mulDiv(x, y, denominator) +
      SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, denominator) > 0);
  }

  /**
   * @dev Calculates floor(x * y >> n) with full precision. Throws if result overflows a uint256.
   */
  function mulShr(uint256 x, uint256 y, uint8 n) internal pure returns (uint256 result) {
    unchecked {
      (uint256 high, uint256 low) = mul512(x, y);
      if (high >= 1 << n) {
        Panic.panic(Panic.UNDER_OVERFLOW);
      }
      return (high << (256 - n)) | (low >> n);
    }
  }

  /**
   * @dev Calculates x * y >> n with full precision, following the selected rounding direction.
   */
  function mulShr(
    uint256 x,
    uint256 y,
    uint8 n,
    Rounding rounding
  ) internal pure returns (uint256) {
    return
      mulShr(x, y, n) + SafeCast.toUint(unsignedRoundsUp(rounding) && mulmod(x, y, 1 << n) > 0);
  }

  /**
   * @dev Calculate the modular multiplicative inverse of a number in Z/nZ.
   *
   * If n is a prime, then Z/nZ is a field. In that case all elements are inversible, except 0.
   * If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
   *
   * If the input value is not inversible, 0 is returned.
   *
   * NOTE: If you know for sure that n is (big) a prime, it may be cheaper to use Fermat's little theorem and get the
   * inverse using `Math.modExp(a, n - 2, n)`. See {invModPrime}.
   */
  function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
    unchecked {
      if (n == 0) return 0;

      // The inverse modulo is calculated using the Extended Euclidean Algorithm (iterative version)
      // Used to compute integers x and y such that: ax + ny = gcd(a, n).
      // When the gcd is 1, then the inverse of a modulo n exists and it's x.
      // ax + ny = 1
      // ax = 1 + (-y)n
      // ax ≡ 1 (mod n) # x is the inverse of a modulo n

      // If the remainder is 0 the gcd is n right away.
      uint256 remainder = a % n;
      uint256 gcd = n;

      // Therefore the initial coefficients are:
      // ax + ny = gcd(a, n) = n
      // 0a + 1n = n
      int256 x = 0;
      int256 y = 1;

      while (remainder != 0) {
        uint256 quotient = gcd / remainder;

        (gcd, remainder) = (
          // The old remainder is the next gcd to try.
          remainder,
          // Compute the next remainder.
          // Can't overflow given that (a % gcd) * (gcd // (a % gcd)) <= gcd
          // where gcd is at most n (capped to type(uint256).max)
          gcd - remainder * quotient
        );

        (x, y) = (
          // Increment the coefficient of a.
          y,
          // Decrement the coefficient of n.
          // Can overflow, but the result is casted to uint256 so that the
          // next value of y is "wrapped around" to a value between 0 and n - 1.
          x - y * int256(quotient)
        );
      }

      if (gcd != 1) return 0; // No inverse exists.
      return ternary(x < 0, n - uint256(-x), uint256(x)); // Wrap the result if it's negative.
    }
  }

  /**
   * @dev Variant of {invMod}. More efficient, but only works if `p` is known to be a prime greater than `2`.
   *
   * From https://en.wikipedia.org/wiki/Fermat%27s_little_theorem[Fermat's little theorem], we know that if p is
   * prime, then `a**(p-1) ≡ 1 mod p`. As a consequence, we have `a * a**(p-2) ≡ 1 mod p`, which means that
   * `a**(p-2)` is the modular multiplicative inverse of a in Fp.
   *
   * NOTE: this function does NOT check that `p` is a prime greater than `2`.
   */
  function invModPrime(uint256 a, uint256 p) internal view returns (uint256) {
    unchecked {
      return Math.modExp(a, p - 2, p);
    }
  }

  /**
   * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
   *
   * Requirements:
   * - modulus can't be zero
   * - underlying staticcall to precompile must succeed
   *
   * IMPORTANT: The result is only valid if the underlying call succeeds. When using this function, make
   * sure the chain you're using it on supports the precompiled contract for modular exponentiation
   * at address 0x05 as specified in https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise,
   * the underlying function will succeed given the lack of a revert, but the result may be incorrectly
   * interpreted as 0.
   */
  function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256) {
    (bool success, uint256 result) = tryModExp(b, e, m);
    if (!success) {
      Panic.panic(Panic.DIVISION_BY_ZERO);
    }
    return result;
  }

  /**
   * @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m).
   * It includes a success flag indicating if the operation succeeded. Operation will be marked as failed if trying
   * to operate modulo 0 or if the underlying precompile reverted.
   *
   * IMPORTANT: The result is only valid if the success flag is true. When using this function, make sure the chain
   * you're using it on supports the precompiled contract for modular exponentiation at address 0x05 as specified in
   * https://eips.ethereum.org/EIPS/eip-198[EIP-198]. Otherwise, the underlying function will succeed given the lack
   * of a revert, but the result may be incorrectly interpreted as 0.
   */
  function tryModExp(
    uint256 b,
    uint256 e,
    uint256 m
  ) internal view returns (bool success, uint256 result) {
    if (m == 0) return (false, 0);
    assembly ('memory-safe') {
      let ptr := mload(0x40)
      // | Offset    | Content    | Content (Hex)                                                      |
      // |-----------|------------|--------------------------------------------------------------------|
      // | 0x00:0x1f | size of b  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
      // | 0x20:0x3f | size of e  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
      // | 0x40:0x5f | size of m  | 0x0000000000000000000000000000000000000000000000000000000000000020 |
      // | 0x60:0x7f | value of b | 0x<.............................................................b> |
      // | 0x80:0x9f | value of e | 0x<.............................................................e> |
      // | 0xa0:0xbf | value of m | 0x<.............................................................m> |
      mstore(ptr, 0x20)
      mstore(add(ptr, 0x20), 0x20)
      mstore(add(ptr, 0x40), 0x20)
      mstore(add(ptr, 0x60), b)
      mstore(add(ptr, 0x80), e)
      mstore(add(ptr, 0xa0), m)

      // Given the result < m, it's guaranteed to fit in 32 bytes,
      // so we can use the memory scratch space located at offset 0.
      success := staticcall(gas(), 0x05, ptr, 0xc0, 0x00, 0x20)
      result := mload(0x00)
    }
  }

  /**
   * @dev Variant of {modExp} that supports inputs of arbitrary length.
   */
  function modExp(
    bytes memory b,
    bytes memory e,
    bytes memory m
  ) internal view returns (bytes memory) {
    (bool success, bytes memory result) = tryModExp(b, e, m);
    if (!success) {
      Panic.panic(Panic.DIVISION_BY_ZERO);
    }
    return result;
  }

  /**
   * @dev Variant of {tryModExp} that supports inputs of arbitrary length.
   */
  function tryModExp(
    bytes memory b,
    bytes memory e,
    bytes memory m
  ) internal view returns (bool success, bytes memory result) {
    if (_zeroBytes(m)) return (false, new bytes(0));

    uint256 mLen = m.length;

    // Encode call args in result and move the free memory pointer
    result = abi.encodePacked(b.length, e.length, mLen, b, e, m);

    assembly ('memory-safe') {
      let dataPtr := add(result, 0x20)
      // Write result on top of args to avoid allocating extra memory.
      success := staticcall(gas(), 0x05, dataPtr, mload(result), dataPtr, mLen)
      // Overwrite the length.
      // result.length > returndatasize() is guaranteed because returndatasize() == m.length
      mstore(result, mLen)
      // Set the memory pointer after the returned data.
      mstore(0x40, add(dataPtr, mLen))
    }
  }

  /**
   * @dev Returns whether the provided byte array is zero.
   */
  function _zeroBytes(bytes memory byteArray) private pure returns (bool) {
    for (uint256 i = 0; i < byteArray.length; ++i) {
      if (byteArray[i] != 0) {
        return false;
      }
    }
    return true;
  }

  /**
   * @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
   * towards zero.
   *
   * This method is based on Newton's method for computing square roots; the algorithm is restricted to only
   * using integer operations.
   */
  function sqrt(uint256 a) internal pure returns (uint256) {
    unchecked {
      // Take care of easy edge cases when a == 0 or a == 1
      if (a <= 1) {
        return a;
      }

      // In this function, we use Newton's method to get a root of `f(x) := x² - a`. It involves building a
      // sequence x_n that converges toward sqrt(a). For each iteration x_n, we also define the error between
      // the current value as `ε_n = | x_n - sqrt(a) |`.
      //
      // For our first estimation, we consider `e` the smallest power of 2 which is bigger than the square root
      // of the target. (i.e. `2**(e-1) ≤ sqrt(a) < 2**e`). We know that `e ≤ 128` because `(2¹²⁸)² = 2²⁵⁶` is
      // bigger than any uint256.
      //
      // By noticing that
      // `2**(e-1) ≤ sqrt(a) < 2**e → (2**(e-1))² ≤ a < (2**e)² → 2**(2*e-2) ≤ a < 2**(2*e)`
      // we can deduce that `e - 1` is `log2(a) / 2`. We can thus compute `x_n = 2**(e-1)` using a method similar
      // to the msb function.
      uint256 aa = a;
      uint256 xn = 1;

      if (aa >= (1 << 128)) {
        aa >>= 128;
        xn <<= 64;
      }
      if (aa >= (1 << 64)) {
        aa >>= 64;
        xn <<= 32;
      }
      if (aa >= (1 << 32)) {
        aa >>= 32;
        xn <<= 16;
      }
      if (aa >= (1 << 16)) {
        aa >>= 16;
        xn <<= 8;
      }
      if (aa >= (1 << 8)) {
        aa >>= 8;
        xn <<= 4;
      }
      if (aa >= (1 << 4)) {
        aa >>= 4;
        xn <<= 2;
      }
      if (aa >= (1 << 2)) {
        xn <<= 1;
      }

      // We now have x_n such that `x_n = 2**(e-1) ≤ sqrt(a) < 2**e = 2 * x_n`. This implies ε_n ≤ 2**(e-1).
      //
      // We can refine our estimation by noticing that the middle of that interval minimizes the error.
      // If we move x_n to equal 2**(e-1) + 2**(e-2), then we reduce the error to ε_n ≤ 2**(e-2).
      // This is going to be our x_0 (and ε_0)
      xn = (3 * xn) >> 1; // ε_0 := | x_0 - sqrt(a) | ≤ 2**(e-2)

      // From here, Newton's method give us:
      // x_{n+1} = (x_n + a / x_n) / 2
      //
      // One should note that:
      // x_{n+1}² - a = ((x_n + a / x_n) / 2)² - a
      //              = ((x_n² + a) / (2 * x_n))² - a
      //              = (x_n⁴ + 2 * a * x_n² + a²) / (4 * x_n²) - a
      //              = (x_n⁴ + 2 * a * x_n² + a² - 4 * a * x_n²) / (4 * x_n²)
      //              = (x_n⁴ - 2 * a * x_n² + a²) / (4 * x_n²)
      //              = (x_n² - a)² / (2 * x_n)²
      //              = ((x_n² - a) / (2 * x_n))²
      //              ≥ 0
      // Which proves that for all n ≥ 1, sqrt(a) ≤ x_n
      //
      // This gives us the proof of quadratic convergence of the sequence:
      // ε_{n+1} = | x_{n+1} - sqrt(a) |
      //         = | (x_n + a / x_n) / 2 - sqrt(a) |
      //         = | (x_n² + a - 2*x_n*sqrt(a)) / (2 * x_n) |
      //         = | (x_n - sqrt(a))² / (2 * x_n) |
      //         = | ε_n² / (2 * x_n) |
      //         = ε_n² / | (2 * x_n) |
      //
      // For the first iteration, we have a special case where x_0 is known:
      // ε_1 = ε_0² / | (2 * x_0) |
      //     ≤ (2**(e-2))² / (2 * (2**(e-1) + 2**(e-2)))
      //     ≤ 2**(2*e-4) / (3 * 2**(e-1))
      //     ≤ 2**(e-3) / 3
      //     ≤ 2**(e-3-log2(3))
      //     ≤ 2**(e-4.5)
      //
      // For the following iterations, we use the fact that, 2**(e-1) ≤ sqrt(a) ≤ x_n:
      // ε_{n+1} = ε_n² / | (2 * x_n) |
      //         ≤ (2**(e-k))² / (2 * 2**(e-1))
      //         ≤ 2**(2*e-2*k) / 2**e
      //         ≤ 2**(e-2*k)
      xn = (xn + a / xn) >> 1; // ε_1 := | x_1 - sqrt(a) | ≤ 2**(e-4.5)  -- special case, see above
      xn = (xn + a / xn) >> 1; // ε_2 := | x_2 - sqrt(a) | ≤ 2**(e-9)    -- general case with k = 4.5
      xn = (xn + a / xn) >> 1; // ε_3 := | x_3 - sqrt(a) | ≤ 2**(e-18)   -- general case with k = 9
      xn = (xn + a / xn) >> 1; // ε_4 := | x_4 - sqrt(a) | ≤ 2**(e-36)   -- general case with k = 18
      xn = (xn + a / xn) >> 1; // ε_5 := | x_5 - sqrt(a) | ≤ 2**(e-72)   -- general case with k = 36
      xn = (xn + a / xn) >> 1; // ε_6 := | x_6 - sqrt(a) | ≤ 2**(e-144)  -- general case with k = 72

      // Because e ≤ 128 (as discussed during the first estimation phase), we know have reached a precision
      // ε_6 ≤ 2**(e-144) < 1. Given we're operating on integers, then we can ensure that xn is now either
      // sqrt(a) or sqrt(a) + 1.
      return xn - SafeCast.toUint(xn > a / xn);
    }
  }

  /**
   * @dev Calculates sqrt(a), following the selected rounding direction.
   */
  function sqrt(uint256 a, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = sqrt(a);
      return result + SafeCast.toUint(unsignedRoundsUp(rounding) && result * result < a);
    }
  }

  /**
   * @dev Return the log in base 2 of a positive value rounded towards zero.
   * Returns 0 if given 0.
   */
  function log2(uint256 x) internal pure returns (uint256 r) {
    // If value has upper 128 bits set, log2 result is at least 128
    r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
    // If upper 64 bits of 128-bit half set, add 64 to result
    r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
    // If upper 32 bits of 64-bit half set, add 32 to result
    r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
    // If upper 16 bits of 32-bit half set, add 16 to result
    r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
    // If upper 8 bits of 16-bit half set, add 8 to result
    r |= SafeCast.toUint((x >> r) > 0xff) << 3;
    // If upper 4 bits of 8-bit half set, add 4 to result
    r |= SafeCast.toUint((x >> r) > 0xf) << 2;

    // Shifts value right by the current result and use it as an index into this lookup table:
    //
    // | x (4 bits) |  index  | table[index] = MSB position |
    // |------------|---------|-----------------------------|
    // |    0000    |    0    |        table[0] = 0         |
    // |    0001    |    1    |        table[1] = 0         |
    // |    0010    |    2    |        table[2] = 1         |
    // |    0011    |    3    |        table[3] = 1         |
    // |    0100    |    4    |        table[4] = 2         |
    // |    0101    |    5    |        table[5] = 2         |
    // |    0110    |    6    |        table[6] = 2         |
    // |    0111    |    7    |        table[7] = 2         |
    // |    1000    |    8    |        table[8] = 3         |
    // |    1001    |    9    |        table[9] = 3         |
    // |    1010    |   10    |        table[10] = 3        |
    // |    1011    |   11    |        table[11] = 3        |
    // |    1100    |   12    |        table[12] = 3        |
    // |    1101    |   13    |        table[13] = 3        |
    // |    1110    |   14    |        table[14] = 3        |
    // |    1111    |   15    |        table[15] = 3        |
    //
    // The lookup table is represented as a 32-byte value with the MSB positions for 0-15 in the last 16 bytes.
    assembly ('memory-safe') {
      r := or(
        r,
        byte(shr(r, x), 0x0000010102020202030303030303030300000000000000000000000000000000)
      )
    }
  }

  /**
   * @dev Return the log in base 2, following the selected rounding direction, of a positive value.
   * Returns 0 if given 0.
   */
  function log2(uint256 value, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = log2(value);
      return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << result < value);
    }
  }

  /**
   * @dev Return the log in base 10 of a positive value rounded towards zero.
   * Returns 0 if given 0.
   */
  function log10(uint256 value) internal pure returns (uint256) {
    uint256 result = 0;
    unchecked {
      if (value >= 10 ** 64) {
        value /= 10 ** 64;
        result += 64;
      }
      if (value >= 10 ** 32) {
        value /= 10 ** 32;
        result += 32;
      }
      if (value >= 10 ** 16) {
        value /= 10 ** 16;
        result += 16;
      }
      if (value >= 10 ** 8) {
        value /= 10 ** 8;
        result += 8;
      }
      if (value >= 10 ** 4) {
        value /= 10 ** 4;
        result += 4;
      }
      if (value >= 10 ** 2) {
        value /= 10 ** 2;
        result += 2;
      }
      if (value >= 10 ** 1) {
        result += 1;
      }
    }
    return result;
  }

  /**
   * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
   * Returns 0 if given 0.
   */
  function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = log10(value);
      return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 10 ** result < value);
    }
  }

  /**
   * @dev Return the log in base 256 of a positive value rounded towards zero.
   * Returns 0 if given 0.
   *
   * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
   */
  function log256(uint256 x) internal pure returns (uint256 r) {
    // If value has upper 128 bits set, log2 result is at least 128
    r = SafeCast.toUint(x > 0xffffffffffffffffffffffffffffffff) << 7;
    // If upper 64 bits of 128-bit half set, add 64 to result
    r |= SafeCast.toUint((x >> r) > 0xffffffffffffffff) << 6;
    // If upper 32 bits of 64-bit half set, add 32 to result
    r |= SafeCast.toUint((x >> r) > 0xffffffff) << 5;
    // If upper 16 bits of 32-bit half set, add 16 to result
    r |= SafeCast.toUint((x >> r) > 0xffff) << 4;
    // Add 1 if upper 8 bits of 16-bit half set, and divide accumulated result by 8
    return (r >> 3) | SafeCast.toUint((x >> r) > 0xff);
  }

  /**
   * @dev Return the log in base 256, following the selected rounding direction, of a positive value.
   * Returns 0 if given 0.
   */
  function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = log256(value);
      return result + SafeCast.toUint(unsignedRoundsUp(rounding) && 1 << (result << 3) < value);
    }
  }

  /**
   * @dev Returns whether a provided rounding mode is considered rounding up for unsigned integers.
   */
  function unsignedRoundsUp(Rounding rounding) internal pure returns (bool) {
    return uint8(rounding) % 2 == 1;
  }
}

0% src/dependencies/openzeppelin/Multicall.sol

Lines covered: 0 / 7 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Multicall.sol)

pragma solidity ^0.8.20;

import {Address} from './Address.sol';
import {Context} from './Context.sol';

/**
 * @dev Provides a function to batch together multiple calls in a single external call.
 *
 * Consider any assumption about calldata validation performed by the sender may be violated if it's not especially
 * careful about sending transactions invoking {multicall}. For example, a relay address that filters function
 * selectors won't filter calls nested within a {multicall} operation.
 *
 * NOTE: Since 5.0.1 and 4.9.4, this contract identifies non-canonical contexts (i.e. `msg.sender` is not {Context-_msgSender}).
 * If a non-canonical context is identified, the following self `delegatecall` appends the last bytes of `msg.data`
 * to the subcall. This makes it safe to use with {ERC2771Context}. Contexts that don't affect the resolution of
 * {Context-_msgSender} are not propagated to subcalls.
 */
abstract contract Multicall is Context {
  /**
   * @dev Receives and executes a batch of function calls on this contract.
   * @custom:oz-upgrades-unsafe-allow-reachable delegatecall
   */
  function multicall(bytes[] calldata data) external virtual returns (bytes[] memory results) {
    bytes memory context = msg.sender == _msgSender()
      ? new bytes(0)
      : msg.data[msg.data.length - _contextSuffixLength():];

    results = new bytes[](data.length);
    for (uint256 i = 0; i < data.length; i++) {
      results[i] = Address.functionDelegateCall(address(this), bytes.concat(data[i], context));
    }
    return results;
  }
}

28% src/dependencies/openzeppelin/Ownable.sol

Lines covered: 6 / 21 (28%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {Context} from './Context.sol';

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
  address private _owner;

  /**
   * @dev The caller account is not authorized to perform an operation.
   */
  error OwnableUnauthorizedAccount(address account);

  /**
   * @dev The owner is not a valid owner account. (eg. `address(0)`)
   */
  error OwnableInvalidOwner(address owner);

  event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

  /**
   * @dev Initializes the contract setting the address provided by the deployer as the initial owner.
   */
  constructor(address initialOwner) {
    if (initialOwner == address(0)) {
      revert OwnableInvalidOwner(address(0));
    }
    _transferOwnership(initialOwner);
  }

  /**
   * @dev Throws if called by any account other than the owner.
   */
  modifier onlyOwner() {
    _checkOwner();
    _;
  }

  /**
   * @dev Returns the address of the current owner.
   */
  function owner() public view virtual returns (address) {
    return _owner;
  }

  /**
   * @dev Throws if the sender is not the owner.
   */
  function _checkOwner() internal view virtual {
    if (owner() != _msgSender()) {
      revert OwnableUnauthorizedAccount(_msgSender());
    }
  }

  /**
   * @dev Leaves the contract without owner. It will not be possible to call
   * `onlyOwner` functions. Can only be called by the current owner.
   *
   * NOTE: Renouncing ownership will leave the contract without an owner,
   * thereby disabling any functionality that is only available to the owner.
   */
  function renounceOwnership() public virtual onlyOwner {
    _transferOwnership(address(0));
  }

  /**
   * @dev Transfers ownership of the contract to a new account (`newOwner`).
   * Can only be called by the current owner.
   */
  function transferOwnership(address newOwner) public virtual onlyOwner {
    if (newOwner == address(0)) {
      revert OwnableInvalidOwner(address(0));
    }
    _transferOwnership(newOwner);
  }

  /**
   * @dev Transfers ownership of the contract to a new account (`newOwner`).
   * Internal function without access restriction.
   */
  function _transferOwnership(address newOwner) internal virtual {
    address oldOwner = _owner;
    _owner = newOwner;
    emit OwnershipTransferred(oldOwner, newOwner);
  }
}

25% src/dependencies/openzeppelin/Ownable2Step.sol

Lines covered: 3 / 12 (25%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {Ownable} from './Ownable.sol';

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * This extension of the {Ownable} contract includes a two-step mechanism to transfer
 * ownership, where the new owner must call {acceptOwnership} in order to replace the
 * old one. This can help prevent common mistakes, such as transfers of ownership to
 * incorrect accounts, or to contracts that are unable to interact with the
 * permission system.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2Step is Ownable {
  address private _pendingOwner;

  event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

  /**
   * @dev Returns the address of the pending owner.
   */
  function pendingOwner() public view virtual returns (address) {
    return _pendingOwner;
  }

  /**
   * @dev Starts the ownership transfer of the contract to a new account. Replaces the pending transfer if there is one.
   * Can only be called by the current owner.
   *
   * Setting `newOwner` to the zero address is allowed; this can be used to cancel an initiated ownership transfer.
   */
  function transferOwnership(address newOwner) public virtual override onlyOwner {
    _pendingOwner = newOwner;
    emit OwnershipTransferStarted(owner(), newOwner);
  }

  /**
   * @dev Transfers ownership of the contract to a new account (`newOwner`) and deletes any pending owner.
   * Internal function without access restriction.
   */
  function _transferOwnership(address newOwner) internal virtual override {
    delete _pendingOwner;
    super._transferOwnership(newOwner);
  }

  /**
   * @dev The new owner accepts the ownership transfer.
   */
  function acceptOwnership() public virtual {
    address sender = _msgSender();
    if (pendingOwner() != sender) {
      revert OwnableUnauthorizedAccount(sender);
    }
    _transferOwnership(sender);
  }
}

0% src/dependencies/openzeppelin/Panic.sol

Lines covered: 0 / 6 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/Panic.sol)

pragma solidity ^0.8.20;

/**
 * @dev Helper library for emitting standardized panic codes.
 *
 * ```solidity
 * contract Example {
 *      using Panic for uint256;
 *
 *      // Use any of the declared internal constants
 *      function foo() { Panic.GENERIC.panic(); }
 *
 *      // Alternatively
 *      function foo() { Panic.panic(Panic.GENERIC); }
 * }
 * ```
 *
 * Follows the list from https://github.com/ethereum/solidity/blob/v0.8.24/libsolutil/ErrorCodes.h[libsolutil].
 *
 * _Available since v5.1._
 */
// slither-disable-next-line unused-state
library Panic {
  /// @dev generic / unspecified error
  uint256 internal constant GENERIC = 0x00;
  /// @dev used by the assert() builtin
  uint256 internal constant ASSERT = 0x01;
  /// @dev arithmetic underflow or overflow
  uint256 internal constant UNDER_OVERFLOW = 0x11;
  /// @dev division or modulo by zero
  uint256 internal constant DIVISION_BY_ZERO = 0x12;
  /// @dev enum conversion error
  uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;
  /// @dev invalid encoding in storage
  uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;
  /// @dev empty array pop
  uint256 internal constant EMPTY_ARRAY_POP = 0x31;
  /// @dev array out of bounds access
  uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;
  /// @dev resource error (too large allocation or too large array)
  uint256 internal constant RESOURCE_ERROR = 0x41;
  /// @dev calling invalid internal function
  uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;

  /// @dev Reverts with a panic code. Recommended to use with
  /// the internal constants with predefined codes.
  function panic(uint256 code) internal pure {
    assembly ('memory-safe') {
      mstore(0x00, 0x4e487b71)
      mstore(0x20, code)
      revert(0x1c, 0x24)
    }
  }
}

0% src/dependencies/openzeppelin/Proxy.sol

Lines covered: 0 / 11 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/Proxy.sol)

pragma solidity ^0.8.20;

/**
 * @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
 * instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
 * be specified by overriding the virtual {_implementation} function.
 *
 * Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
 * different contract through the {_delegate} function.
 *
 * The success and return data of the delegated call will be returned back to the caller of the proxy.
 */
abstract contract Proxy {
    /**
     * @dev Delegates the current call to `implementation`.
     *
     * This function does not return to its internal call site, it will return directly to the external caller.
     */
    function _delegate(address implementation) internal virtual {
        assembly {
            // Copy msg.data. We take full control of memory in this inline assembly
            // block because it will not return to Solidity code. We overwrite the
            // Solidity scratch pad at memory position 0.
            calldatacopy(0, 0, calldatasize())

            // Call the implementation.
            // out and outsize are 0 because we don't know the size yet.
            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)

            // Copy the returned data.
            returndatacopy(0, 0, returndatasize())

            switch result
            // delegatecall returns 0 on error.
            case 0 {
                revert(0, returndatasize())
            }
            default {
                return(0, returndatasize())
            }
        }
    }

    /**
     * @dev This is a virtual function that should be overridden so it returns the address to which the fallback
     * function and {_fallback} should delegate.
     */
    function _implementation() internal view virtual returns (address);

    /**
     * @dev Delegates the current call to the address returned by `_implementation()`.
     *
     * This function does not return to its internal call site, it will return directly to the external caller.
     */
    function _fallback() internal virtual {
        _delegate(_implementation());
    }

    /**
     * @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
     * function in the contract matches the call data.
     */
    fallback() external payable virtual {
        _fallback();
    }
}

0% src/dependencies/openzeppelin/ProxyAdmin.sol

Lines covered: 0 / 5 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/ProxyAdmin.sol)

pragma solidity ^0.8.22;

import {ITransparentUpgradeableProxy} from './TransparentUpgradeableProxy.sol';
import {Ownable} from './Ownable.sol';

/**
 * @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an
 * explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}.
 */
contract ProxyAdmin is Ownable {
  /**
   * @dev The version of the upgrade interface of the contract. If this getter is missing, both `upgrade(address,address)`
   * and `upgradeAndCall(address,address,bytes)` are present, and `upgrade` must be used if no function should be called,
   * while `upgradeAndCall` will invoke the `receive` function if the third argument is the empty byte string.
   * If the getter returns `"5.0.0"`, only `upgradeAndCall(address,address,bytes)` is present, and the third argument must
   * be the empty byte string if no function should be called, making it impossible to invoke the `receive` function
   * during an upgrade.
   */
  string public constant UPGRADE_INTERFACE_VERSION = '5.0.0';

  /**
   * @dev Sets the initial owner who can perform upgrades.
   */
  constructor(address initialOwner) Ownable(initialOwner) {}

  /**
   * @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation.
   * See {TransparentUpgradeableProxy-_dispatchUpgradeToAndCall}.
   *
   * Requirements:
   *
   * - This contract must be the admin of `proxy`.
   * - If `data` is empty, `msg.value` must be zero.
   */
  function upgradeAndCall(
    ITransparentUpgradeableProxy proxy,
    address implementation,
    bytes memory data
  ) public payable virtual onlyOwner {
    proxy.upgradeToAndCall{value: msg.value}(implementation, data);
  }
}

0% src/dependencies/openzeppelin/ReentrancyGuardTransient.sol

Lines covered: 0 / 9 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/ReentrancyGuardTransient.sol)

pragma solidity ^0.8.24;

import {TransientSlot} from './TransientSlot.sol';

/**
 * @dev Variant of {ReentrancyGuard} that uses transient storage.
 *
 * NOTE: This variant only works on networks where EIP-1153 is available.
 *
 * _Available since v5.1._
 */
abstract contract ReentrancyGuardTransient {
  using TransientSlot for *;

  // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ReentrancyGuard")) - 1)) & ~bytes32(uint256(0xff))
  bytes32 private constant REENTRANCY_GUARD_STORAGE =
    0x9b779b17422d0df92223018b32b4d1fa46e071723d6817e2486d003becc55f00;

  /**
   * @dev Unauthorized reentrant call.
   */
  error ReentrancyGuardReentrantCall();

  /**
   * @dev Prevents a contract from calling itself, directly or indirectly.
   * Calling a `nonReentrant` function from another `nonReentrant`
   * function is not supported. It is possible to prevent this from happening
   * by making the `nonReentrant` function external, and making it call a
   * `private` function that does the actual work.
   */
  modifier nonReentrant() {
    _nonReentrantBefore();
    _;
    _nonReentrantAfter();
  }

  function _nonReentrantBefore() private {
    // On the first call to nonReentrant, REENTRANCY_GUARD_STORAGE.asBoolean().tload() will be false
    if (_reentrancyGuardEntered()) {
      revert ReentrancyGuardReentrantCall();
    }

    // Any calls to nonReentrant after this point will fail
    REENTRANCY_GUARD_STORAGE.asBoolean().tstore(true);
  }

  function _nonReentrantAfter() private {
    REENTRANCY_GUARD_STORAGE.asBoolean().tstore(false);
  }

  /**
   * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
   * `nonReentrant` function in the call stack.
   */
  function _reentrancyGuardEntered() internal view returns (bool) {
    return REENTRANCY_GUARD_STORAGE.asBoolean().tload();
  }
}

32% src/dependencies/openzeppelin/SafeCast.sol

Lines covered: 21 / 64 (32%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/math/SafeCast.sol)
// This file was procedurally generated from scripts/generate/templates/SafeCast.js.

pragma solidity ^0.8.20;

/**
 * @dev Wrappers over Solidity's uintXX/intXX/bool casting operators with added overflow
 * checks.
 *
 * Downcasting from uint256/int256 in Solidity does not revert on overflow. This can
 * easily result in undesired exploitation or bugs, since developers usually
 * assume that overflows raise errors. `SafeCast` restores this intuition by
 * reverting the transaction when such an operation overflows.
 *
 * Using this library instead of the unchecked operations eliminates an entire
 * class of bugs, so it's recommended to use it always.
 */
library SafeCast {
  /**
   * @dev Value doesn't fit in an uint of `bits` size.
   */
  error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);

  /**
   * @dev An int value doesn't fit in an uint of `bits` size.
   */
  error SafeCastOverflowedIntToUint(int256 value);

  /**
   * @dev Value doesn't fit in an int of `bits` size.
   */
  error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);

  /**
   * @dev An uint value doesn't fit in an int of `bits` size.
   */
  error SafeCastOverflowedUintToInt(uint256 value);

  /**
   * @dev Returns the downcasted uint248 from uint256, reverting on
   * overflow (when the input is greater than largest uint248).
   *
   * Counterpart to Solidity's `uint248` operator.
   *
   * Requirements:
   *
   * - input must fit into 248 bits
   */
  function toUint248(uint256 value) internal pure returns (uint248) {
    if (value > type(uint248).max) {
      revert SafeCastOverflowedUintDowncast(248, value);
    }
    return uint248(value);
  }

  /**
   * @dev Returns the downcasted uint240 from uint256, reverting on
   * overflow (when the input is greater than largest uint240).
   *
   * Counterpart to Solidity's `uint240` operator.
   *
   * Requirements:
   *
   * - input must fit into 240 bits
   */
  function toUint240(uint256 value) internal pure returns (uint240) {
    if (value > type(uint240).max) {
      revert SafeCastOverflowedUintDowncast(240, value);
    }
    return uint240(value);
  }

  /**
   * @dev Returns the downcasted uint232 from uint256, reverting on
   * overflow (when the input is greater than largest uint232).
   *
   * Counterpart to Solidity's `uint232` operator.
   *
   * Requirements:
   *
   * - input must fit into 232 bits
   */
  function toUint232(uint256 value) internal pure returns (uint232) {
    if (value > type(uint232).max) {
      revert SafeCastOverflowedUintDowncast(232, value);
    }
    return uint232(value);
  }

  /**
   * @dev Returns the downcasted uint224 from uint256, reverting on
   * overflow (when the input is greater than largest uint224).
   *
   * Counterpart to Solidity's `uint224` operator.
   *
   * Requirements:
   *
   * - input must fit into 224 bits
   */
  function toUint224(uint256 value) internal pure returns (uint224) {
    if (value > type(uint224).max) {
      revert SafeCastOverflowedUintDowncast(224, value);
    }
    return uint224(value);
  }

  /**
   * @dev Returns the downcasted uint216 from uint256, reverting on
   * overflow (when the input is greater than largest uint216).
   *
   * Counterpart to Solidity's `uint216` operator.
   *
   * Requirements:
   *
   * - input must fit into 216 bits
   */
  function toUint216(uint256 value) internal pure returns (uint216) {
    if (value > type(uint216).max) {
      revert SafeCastOverflowedUintDowncast(216, value);
    }
    return uint216(value);
  }

  /**
   * @dev Returns the downcasted uint208 from uint256, reverting on
   * overflow (when the input is greater than largest uint208).
   *
   * Counterpart to Solidity's `uint208` operator.
   *
   * Requirements:
   *
   * - input must fit into 208 bits
   */
  function toUint208(uint256 value) internal pure returns (uint208) {
    if (value > type(uint208).max) {
      revert SafeCastOverflowedUintDowncast(208, value);
    }
    return uint208(value);
  }

  /**
   * @dev Returns the downcasted uint200 from uint256, reverting on
   * overflow (when the input is greater than largest uint200).
   *
   * Counterpart to Solidity's `uint200` operator.
   *
   * Requirements:
   *
   * - input must fit into 200 bits
   */
  function toUint200(uint256 value) internal pure returns (uint200) {
    if (value > type(uint200).max) {
      revert SafeCastOverflowedUintDowncast(200, value);
    }
    return uint200(value);
  }

  /**
   * @dev Returns the downcasted uint192 from uint256, reverting on
   * overflow (when the input is greater than largest uint192).
   *
   * Counterpart to Solidity's `uint192` operator.
   *
   * Requirements:
   *
   * - input must fit into 192 bits
   */
  function toUint192(uint256 value) internal pure returns (uint192) {
    if (value > type(uint192).max) {
      revert SafeCastOverflowedUintDowncast(192, value);
    }
    return uint192(value);
  }

  /**
   * @dev Returns the downcasted uint184 from uint256, reverting on
   * overflow (when the input is greater than largest uint184).
   *
   * Counterpart to Solidity's `uint184` operator.
   *
   * Requirements:
   *
   * - input must fit into 184 bits
   */
  function toUint184(uint256 value) internal pure returns (uint184) {
    if (value > type(uint184).max) {
      revert SafeCastOverflowedUintDowncast(184, value);
    }
    return uint184(value);
  }

  /**
   * @dev Returns the downcasted uint176 from uint256, reverting on
   * overflow (when the input is greater than largest uint176).
   *
   * Counterpart to Solidity's `uint176` operator.
   *
   * Requirements:
   *
   * - input must fit into 176 bits
   */
  function toUint176(uint256 value) internal pure returns (uint176) {
    if (value > type(uint176).max) {
      revert SafeCastOverflowedUintDowncast(176, value);
    }
    return uint176(value);
  }

  /**
   * @dev Returns the downcasted uint168 from uint256, reverting on
   * overflow (when the input is greater than largest uint168).
   *
   * Counterpart to Solidity's `uint168` operator.
   *
   * Requirements:
   *
   * - input must fit into 168 bits
   */
  function toUint168(uint256 value) internal pure returns (uint168) {
    if (value > type(uint168).max) {
      revert SafeCastOverflowedUintDowncast(168, value);
    }
    return uint168(value);
  }

  /**
   * @dev Returns the downcasted uint160 from uint256, reverting on
   * overflow (when the input is greater than largest uint160).
   *
   * Counterpart to Solidity's `uint160` operator.
   *
   * Requirements:
   *
   * - input must fit into 160 bits
   */
  function toUint160(uint256 value) internal pure returns (uint160) {
    if (value > type(uint160).max) {
      revert SafeCastOverflowedUintDowncast(160, value);
    }
    return uint160(value);
  }

  /**
   * @dev Returns the downcasted uint152 from uint256, reverting on
   * overflow (when the input is greater than largest uint152).
   *
   * Counterpart to Solidity's `uint152` operator.
   *
   * Requirements:
   *
   * - input must fit into 152 bits
   */
  function toUint152(uint256 value) internal pure returns (uint152) {
    if (value > type(uint152).max) {
      revert SafeCastOverflowedUintDowncast(152, value);
    }
    return uint152(value);
  }

  /**
   * @dev Returns the downcasted uint144 from uint256, reverting on
   * overflow (when the input is greater than largest uint144).
   *
   * Counterpart to Solidity's `uint144` operator.
   *
   * Requirements:
   *
   * - input must fit into 144 bits
   */
  function toUint144(uint256 value) internal pure returns (uint144) {
    if (value > type(uint144).max) {
      revert SafeCastOverflowedUintDowncast(144, value);
    }
    return uint144(value);
  }

  /**
   * @dev Returns the downcasted uint136 from uint256, reverting on
   * overflow (when the input is greater than largest uint136).
   *
   * Counterpart to Solidity's `uint136` operator.
   *
   * Requirements:
   *
   * - input must fit into 136 bits
   */
  function toUint136(uint256 value) internal pure returns (uint136) {
    if (value > type(uint136).max) {
      revert SafeCastOverflowedUintDowncast(136, value);
    }
    return uint136(value);
  }

  /**
   * @dev Returns the downcasted uint128 from uint256, reverting on
   * overflow (when the input is greater than largest uint128).
   *
   * Counterpart to Solidity's `uint128` operator.
   *
   * Requirements:
   *
   * - input must fit into 128 bits
   */
  function toUint128(uint256 value) internal pure returns (uint128) {
    if (value > type(uint128).max) {
      revert SafeCastOverflowedUintDowncast(128, value);
    }
    return uint128(value);
  }

  /**
   * @dev Returns the downcasted uint120 from uint256, reverting on
   * overflow (when the input is greater than largest uint120).
   *
   * Counterpart to Solidity's `uint120` operator.
   *
   * Requirements:
   *
   * - input must fit into 120 bits
   */
  function toUint120(uint256 value) internal pure returns (uint120) {
    if (value > type(uint120).max) {
      revert SafeCastOverflowedUintDowncast(120, value);
    }
    return uint120(value);
  }

  /**
   * @dev Returns the downcasted uint112 from uint256, reverting on
   * overflow (when the input is greater than largest uint112).
   *
   * Counterpart to Solidity's `uint112` operator.
   *
   * Requirements:
   *
   * - input must fit into 112 bits
   */
  function toUint112(uint256 value) internal pure returns (uint112) {
    if (value > type(uint112).max) {
      revert SafeCastOverflowedUintDowncast(112, value);
    }
    return uint112(value);
  }

  /**
   * @dev Returns the downcasted uint104 from uint256, reverting on
   * overflow (when the input is greater than largest uint104).
   *
   * Counterpart to Solidity's `uint104` operator.
   *
   * Requirements:
   *
   * - input must fit into 104 bits
   */
  function toUint104(uint256 value) internal pure returns (uint104) {
    if (value > type(uint104).max) {
      revert SafeCastOverflowedUintDowncast(104, value);
    }
    return uint104(value);
  }

  /**
   * @dev Returns the downcasted uint96 from uint256, reverting on
   * overflow (when the input is greater than largest uint96).
   *
   * Counterpart to Solidity's `uint96` operator.
   *
   * Requirements:
   *
   * - input must fit into 96 bits
   */
  function toUint96(uint256 value) internal pure returns (uint96) {
    if (value > type(uint96).max) {
      revert SafeCastOverflowedUintDowncast(96, value);
    }
    return uint96(value);
  }

  /**
   * @dev Returns the downcasted uint88 from uint256, reverting on
   * overflow (when the input is greater than largest uint88).
   *
   * Counterpart to Solidity's `uint88` operator.
   *
   * Requirements:
   *
   * - input must fit into 88 bits
   */
  function toUint88(uint256 value) internal pure returns (uint88) {
    if (value > type(uint88).max) {
      revert SafeCastOverflowedUintDowncast(88, value);
    }
    return uint88(value);
  }

  /**
   * @dev Returns the downcasted uint80 from uint256, reverting on
   * overflow (when the input is greater than largest uint80).
   *
   * Counterpart to Solidity's `uint80` operator.
   *
   * Requirements:
   *
   * - input must fit into 80 bits
   */
  function toUint80(uint256 value) internal pure returns (uint80) {
    if (value > type(uint80).max) {
      revert SafeCastOverflowedUintDowncast(80, value);
    }
    return uint80(value);
  }

  /**
   * @dev Returns the downcasted uint72 from uint256, reverting on
   * overflow (when the input is greater than largest uint72).
   *
   * Counterpart to Solidity's `uint72` operator.
   *
   * Requirements:
   *
   * - input must fit into 72 bits
   */
  function toUint72(uint256 value) internal pure returns (uint72) {
    if (value > type(uint72).max) {
      revert SafeCastOverflowedUintDowncast(72, value);
    }
    return uint72(value);
  }

  /**
   * @dev Returns the downcasted uint64 from uint256, reverting on
   * overflow (when the input is greater than largest uint64).
   *
   * Counterpart to Solidity's `uint64` operator.
   *
   * Requirements:
   *
   * - input must fit into 64 bits
   */
  function toUint64(uint256 value) internal pure returns (uint64) {
    if (value > type(uint64).max) {
      revert SafeCastOverflowedUintDowncast(64, value);
    }
    return uint64(value);
  }

  /**
   * @dev Returns the downcasted uint56 from uint256, reverting on
   * overflow (when the input is greater than largest uint56).
   *
   * Counterpart to Solidity's `uint56` operator.
   *
   * Requirements:
   *
   * - input must fit into 56 bits
   */
  function toUint56(uint256 value) internal pure returns (uint56) {
    if (value > type(uint56).max) {
      revert SafeCastOverflowedUintDowncast(56, value);
    }
    return uint56(value);
  }

  /**
   * @dev Returns the downcasted uint48 from uint256, reverting on
   * overflow (when the input is greater than largest uint48).
   *
   * Counterpart to Solidity's `uint48` operator.
   *
   * Requirements:
   *
   * - input must fit into 48 bits
   */
  function toUint48(uint256 value) internal pure returns (uint48) {
    if (value > type(uint48).max) {
      revert SafeCastOverflowedUintDowncast(48, value);
    }
    return uint48(value);
  }

  /**
   * @dev Returns the downcasted uint40 from uint256, reverting on
   * overflow (when the input is greater than largest uint40).
   *
   * Counterpart to Solidity's `uint40` operator.
   *
   * Requirements:
   *
   * - input must fit into 40 bits
   */
  function toUint40(uint256 value) internal pure returns (uint40) {
    if (value > type(uint40).max) {
      revert SafeCastOverflowedUintDowncast(40, value);
    }
    return uint40(value);
  }

  /**
   * @dev Returns the downcasted uint32 from uint256, reverting on
   * overflow (when the input is greater than largest uint32).
   *
   * Counterpart to Solidity's `uint32` operator.
   *
   * Requirements:
   *
   * - input must fit into 32 bits
   */
  function toUint32(uint256 value) internal pure returns (uint32) {
    if (value > type(uint32).max) {
      revert SafeCastOverflowedUintDowncast(32, value);
    }
    return uint32(value);
  }

  /**
   * @dev Returns the downcasted uint24 from uint256, reverting on
   * overflow (when the input is greater than largest uint24).
   *
   * Counterpart to Solidity's `uint24` operator.
   *
   * Requirements:
   *
   * - input must fit into 24 bits
   */
  function toUint24(uint256 value) internal pure returns (uint24) {
    if (value > type(uint24).max) {
      revert SafeCastOverflowedUintDowncast(24, value);
    }
    return uint24(value);
  }

  /**
   * @dev Returns the downcasted uint16 from uint256, reverting on
   * overflow (when the input is greater than largest uint16).
   *
   * Counterpart to Solidity's `uint16` operator.
   *
   * Requirements:
   *
   * - input must fit into 16 bits
   */
  function toUint16(uint256 value) internal pure returns (uint16) {
    if (value > type(uint16).max) {
      revert SafeCastOverflowedUintDowncast(16, value);
    }
    return uint16(value);
  }

  /**
   * @dev Returns the downcasted uint8 from uint256, reverting on
   * overflow (when the input is greater than largest uint8).
   *
   * Counterpart to Solidity's `uint8` operator.
   *
   * Requirements:
   *
   * - input must fit into 8 bits
   */
  function toUint8(uint256 value) internal pure returns (uint8) {
    if (value > type(uint8).max) {
      revert SafeCastOverflowedUintDowncast(8, value);
    }
    return uint8(value);
  }

  /**
   * @dev Converts a signed int256 into an unsigned uint256.
   *
   * Requirements:
   *
   * - input must be greater than or equal to 0.
   */
  function toUint256(int256 value) internal pure returns (uint256) {
    if (value < 0) {
      revert SafeCastOverflowedIntToUint(value);
    }
    return uint256(value);
  }

  /**
   * @dev Returns the downcasted int248 from int256, reverting on
   * overflow (when the input is less than smallest int248 or
   * greater than largest int248).
   *
   * Counterpart to Solidity's `int248` operator.
   *
   * Requirements:
   *
   * - input must fit into 248 bits
   */
  function toInt248(int256 value) internal pure returns (int248 downcasted) {
    downcasted = int248(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(248, value);
    }
  }

  /**
   * @dev Returns the downcasted int240 from int256, reverting on
   * overflow (when the input is less than smallest int240 or
   * greater than largest int240).
   *
   * Counterpart to Solidity's `int240` operator.
   *
   * Requirements:
   *
   * - input must fit into 240 bits
   */
  function toInt240(int256 value) internal pure returns (int240 downcasted) {
    downcasted = int240(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(240, value);
    }
  }

  /**
   * @dev Returns the downcasted int232 from int256, reverting on
   * overflow (when the input is less than smallest int232 or
   * greater than largest int232).
   *
   * Counterpart to Solidity's `int232` operator.
   *
   * Requirements:
   *
   * - input must fit into 232 bits
   */
  function toInt232(int256 value) internal pure returns (int232 downcasted) {
    downcasted = int232(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(232, value);
    }
  }

  /**
   * @dev Returns the downcasted int224 from int256, reverting on
   * overflow (when the input is less than smallest int224 or
   * greater than largest int224).
   *
   * Counterpart to Solidity's `int224` operator.
   *
   * Requirements:
   *
   * - input must fit into 224 bits
   */
  function toInt224(int256 value) internal pure returns (int224 downcasted) {
    downcasted = int224(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(224, value);
    }
  }

  /**
   * @dev Returns the downcasted int216 from int256, reverting on
   * overflow (when the input is less than smallest int216 or
   * greater than largest int216).
   *
   * Counterpart to Solidity's `int216` operator.
   *
   * Requirements:
   *
   * - input must fit into 216 bits
   */
  function toInt216(int256 value) internal pure returns (int216 downcasted) {
    downcasted = int216(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(216, value);
    }
  }

  /**
   * @dev Returns the downcasted int208 from int256, reverting on
   * overflow (when the input is less than smallest int208 or
   * greater than largest int208).
   *
   * Counterpart to Solidity's `int208` operator.
   *
   * Requirements:
   *
   * - input must fit into 208 bits
   */
  function toInt208(int256 value) internal pure returns (int208 downcasted) {
    downcasted = int208(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(208, value);
    }
  }

  /**
   * @dev Returns the downcasted int200 from int256, reverting on
   * overflow (when the input is less than smallest int200 or
   * greater than largest int200).
   *
   * Counterpart to Solidity's `int200` operator.
   *
   * Requirements:
   *
   * - input must fit into 200 bits
   */
  function toInt200(int256 value) internal pure returns (int200 downcasted) {
    downcasted = int200(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(200, value);
    }
  }

  /**
   * @dev Returns the downcasted int192 from int256, reverting on
   * overflow (when the input is less than smallest int192 or
   * greater than largest int192).
   *
   * Counterpart to Solidity's `int192` operator.
   *
   * Requirements:
   *
   * - input must fit into 192 bits
   */
  function toInt192(int256 value) internal pure returns (int192 downcasted) {
    downcasted = int192(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(192, value);
    }
  }

  /**
   * @dev Returns the downcasted int184 from int256, reverting on
   * overflow (when the input is less than smallest int184 or
   * greater than largest int184).
   *
   * Counterpart to Solidity's `int184` operator.
   *
   * Requirements:
   *
   * - input must fit into 184 bits
   */
  function toInt184(int256 value) internal pure returns (int184 downcasted) {
    downcasted = int184(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(184, value);
    }
  }

  /**
   * @dev Returns the downcasted int176 from int256, reverting on
   * overflow (when the input is less than smallest int176 or
   * greater than largest int176).
   *
   * Counterpart to Solidity's `int176` operator.
   *
   * Requirements:
   *
   * - input must fit into 176 bits
   */
  function toInt176(int256 value) internal pure returns (int176 downcasted) {
    downcasted = int176(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(176, value);
    }
  }

  /**
   * @dev Returns the downcasted int168 from int256, reverting on
   * overflow (when the input is less than smallest int168 or
   * greater than largest int168).
   *
   * Counterpart to Solidity's `int168` operator.
   *
   * Requirements:
   *
   * - input must fit into 168 bits
   */
  function toInt168(int256 value) internal pure returns (int168 downcasted) {
    downcasted = int168(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(168, value);
    }
  }

  /**
   * @dev Returns the downcasted int160 from int256, reverting on
   * overflow (when the input is less than smallest int160 or
   * greater than largest int160).
   *
   * Counterpart to Solidity's `int160` operator.
   *
   * Requirements:
   *
   * - input must fit into 160 bits
   */
  function toInt160(int256 value) internal pure returns (int160 downcasted) {
    downcasted = int160(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(160, value);
    }
  }

  /**
   * @dev Returns the downcasted int152 from int256, reverting on
   * overflow (when the input is less than smallest int152 or
   * greater than largest int152).
   *
   * Counterpart to Solidity's `int152` operator.
   *
   * Requirements:
   *
   * - input must fit into 152 bits
   */
  function toInt152(int256 value) internal pure returns (int152 downcasted) {
    downcasted = int152(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(152, value);
    }
  }

  /**
   * @dev Returns the downcasted int144 from int256, reverting on
   * overflow (when the input is less than smallest int144 or
   * greater than largest int144).
   *
   * Counterpart to Solidity's `int144` operator.
   *
   * Requirements:
   *
   * - input must fit into 144 bits
   */
  function toInt144(int256 value) internal pure returns (int144 downcasted) {
    downcasted = int144(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(144, value);
    }
  }

  /**
   * @dev Returns the downcasted int136 from int256, reverting on
   * overflow (when the input is less than smallest int136 or
   * greater than largest int136).
   *
   * Counterpart to Solidity's `int136` operator.
   *
   * Requirements:
   *
   * - input must fit into 136 bits
   */
  function toInt136(int256 value) internal pure returns (int136 downcasted) {
    downcasted = int136(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(136, value);
    }
  }

  /**
   * @dev Returns the downcasted int128 from int256, reverting on
   * overflow (when the input is less than smallest int128 or
   * greater than largest int128).
   *
   * Counterpart to Solidity's `int128` operator.
   *
   * Requirements:
   *
   * - input must fit into 128 bits
   */
  function toInt128(int256 value) internal pure returns (int128 downcasted) {
    downcasted = int128(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(128, value);
    }
  }

  /**
   * @dev Returns the downcasted int120 from int256, reverting on
   * overflow (when the input is less than smallest int120 or
   * greater than largest int120).
   *
   * Counterpart to Solidity's `int120` operator.
   *
   * Requirements:
   *
   * - input must fit into 120 bits
   */
  function toInt120(int256 value) internal pure returns (int120 downcasted) {
    downcasted = int120(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(120, value);
    }
  }

  /**
   * @dev Returns the downcasted int112 from int256, reverting on
   * overflow (when the input is less than smallest int112 or
   * greater than largest int112).
   *
   * Counterpart to Solidity's `int112` operator.
   *
   * Requirements:
   *
   * - input must fit into 112 bits
   */
  function toInt112(int256 value) internal pure returns (int112 downcasted) {
    downcasted = int112(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(112, value);
    }
  }

  /**
   * @dev Returns the downcasted int104 from int256, reverting on
   * overflow (when the input is less than smallest int104 or
   * greater than largest int104).
   *
   * Counterpart to Solidity's `int104` operator.
   *
   * Requirements:
   *
   * - input must fit into 104 bits
   */
  function toInt104(int256 value) internal pure returns (int104 downcasted) {
    downcasted = int104(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(104, value);
    }
  }

  /**
   * @dev Returns the downcasted int96 from int256, reverting on
   * overflow (when the input is less than smallest int96 or
   * greater than largest int96).
   *
   * Counterpart to Solidity's `int96` operator.
   *
   * Requirements:
   *
   * - input must fit into 96 bits
   */
  function toInt96(int256 value) internal pure returns (int96 downcasted) {
    downcasted = int96(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(96, value);
    }
  }

  /**
   * @dev Returns the downcasted int88 from int256, reverting on
   * overflow (when the input is less than smallest int88 or
   * greater than largest int88).
   *
   * Counterpart to Solidity's `int88` operator.
   *
   * Requirements:
   *
   * - input must fit into 88 bits
   */
  function toInt88(int256 value) internal pure returns (int88 downcasted) {
    downcasted = int88(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(88, value);
    }
  }

  /**
   * @dev Returns the downcasted int80 from int256, reverting on
   * overflow (when the input is less than smallest int80 or
   * greater than largest int80).
   *
   * Counterpart to Solidity's `int80` operator.
   *
   * Requirements:
   *
   * - input must fit into 80 bits
   */
  function toInt80(int256 value) internal pure returns (int80 downcasted) {
    downcasted = int80(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(80, value);
    }
  }

  /**
   * @dev Returns the downcasted int72 from int256, reverting on
   * overflow (when the input is less than smallest int72 or
   * greater than largest int72).
   *
   * Counterpart to Solidity's `int72` operator.
   *
   * Requirements:
   *
   * - input must fit into 72 bits
   */
  function toInt72(int256 value) internal pure returns (int72 downcasted) {
    downcasted = int72(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(72, value);
    }
  }

  /**
   * @dev Returns the downcasted int64 from int256, reverting on
   * overflow (when the input is less than smallest int64 or
   * greater than largest int64).
   *
   * Counterpart to Solidity's `int64` operator.
   *
   * Requirements:
   *
   * - input must fit into 64 bits
   */
  function toInt64(int256 value) internal pure returns (int64 downcasted) {
    downcasted = int64(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(64, value);
    }
  }

  /**
   * @dev Returns the downcasted int56 from int256, reverting on
   * overflow (when the input is less than smallest int56 or
   * greater than largest int56).
   *
   * Counterpart to Solidity's `int56` operator.
   *
   * Requirements:
   *
   * - input must fit into 56 bits
   */
  function toInt56(int256 value) internal pure returns (int56 downcasted) {
    downcasted = int56(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(56, value);
    }
  }

  /**
   * @dev Returns the downcasted int48 from int256, reverting on
   * overflow (when the input is less than smallest int48 or
   * greater than largest int48).
   *
   * Counterpart to Solidity's `int48` operator.
   *
   * Requirements:
   *
   * - input must fit into 48 bits
   */
  function toInt48(int256 value) internal pure returns (int48 downcasted) {
    downcasted = int48(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(48, value);
    }
  }

  /**
   * @dev Returns the downcasted int40 from int256, reverting on
   * overflow (when the input is less than smallest int40 or
   * greater than largest int40).
   *
   * Counterpart to Solidity's `int40` operator.
   *
   * Requirements:
   *
   * - input must fit into 40 bits
   */
  function toInt40(int256 value) internal pure returns (int40 downcasted) {
    downcasted = int40(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(40, value);
    }
  }

  /**
   * @dev Returns the downcasted int32 from int256, reverting on
   * overflow (when the input is less than smallest int32 or
   * greater than largest int32).
   *
   * Counterpart to Solidity's `int32` operator.
   *
   * Requirements:
   *
   * - input must fit into 32 bits
   */
  function toInt32(int256 value) internal pure returns (int32 downcasted) {
    downcasted = int32(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(32, value);
    }
  }

  /**
   * @dev Returns the downcasted int24 from int256, reverting on
   * overflow (when the input is less than smallest int24 or
   * greater than largest int24).
   *
   * Counterpart to Solidity's `int24` operator.
   *
   * Requirements:
   *
   * - input must fit into 24 bits
   */
  function toInt24(int256 value) internal pure returns (int24 downcasted) {
    downcasted = int24(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(24, value);
    }
  }

  /**
   * @dev Returns the downcasted int16 from int256, reverting on
   * overflow (when the input is less than smallest int16 or
   * greater than largest int16).
   *
   * Counterpart to Solidity's `int16` operator.
   *
   * Requirements:
   *
   * - input must fit into 16 bits
   */
  function toInt16(int256 value) internal pure returns (int16 downcasted) {
    downcasted = int16(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(16, value);
    }
  }

  /**
   * @dev Returns the downcasted int8 from int256, reverting on
   * overflow (when the input is less than smallest int8 or
   * greater than largest int8).
   *
   * Counterpart to Solidity's `int8` operator.
   *
   * Requirements:
   *
   * - input must fit into 8 bits
   */
  function toInt8(int256 value) internal pure returns (int8 downcasted) {
    downcasted = int8(value);
    if (downcasted != value) {
      revert SafeCastOverflowedIntDowncast(8, value);
    }
  }

  /**
   * @dev Converts an unsigned uint256 into a signed int256.
   *
   * Requirements:
   *
   * - input must be less than or equal to maxInt256.
   */
  function toInt256(uint256 value) internal pure returns (int256) {
    // Note: Unsafe cast below is okay because `type(int256).max` is guaranteed to be positive
    if (value > uint256(type(int256).max)) {
      revert SafeCastOverflowedUintToInt(value);
    }
    return int256(value);
  }

  /**
   * @dev Cast a boolean (false or true) to a uint256 (0 or 1) with no jump.
   */
  function toUint(bool b) internal pure returns (uint256 u) {
    assembly ('memory-safe') {
      u := iszero(iszero(b))
    }
  }
}

50% src/dependencies/openzeppelin/SafeERC20.sol

Lines covered: 15 / 30 (50%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (token/ERC20/utils/SafeERC20.sol)

pragma solidity ^0.8.20;

import {IERC20} from './IERC20.sol';
import {IERC1363} from './IERC1363.sol';

/**
 * @title SafeERC20
 * @dev Wrappers around ERC-20 operations that throw on failure (when the token
 * contract returns false). Tokens that return no value (and instead revert or
 * throw on failure) are also supported, non-reverting calls are assumed to be
 * successful.
 * To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
 * which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
 */
library SafeERC20 {
  /**
   * @dev An operation with an ERC-20 token failed.
   */
  error SafeERC20FailedOperation(address token);

  /**
   * @dev Indicates a failed `decreaseAllowance` request.
   */
  error SafeERC20FailedDecreaseAllowance(
    address spender,
    uint256 currentAllowance,
    uint256 requestedDecrease
  );

  /**
   * @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
   * non-reverting calls are assumed to be successful.
   */
  function safeTransfer(IERC20 token, address to, uint256 value) internal {
    _callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
  }

  /**
   * @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
   * calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
   */
  function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
    _callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
  }

  /**
   * @dev Variant of {safeTransfer} that returns a bool instead of reverting if the operation is not successful.
   */
  function trySafeTransfer(IERC20 token, address to, uint256 value) internal returns (bool) {
    return _callOptionalReturnBool(token, abi.encodeCall(token.transfer, (to, value)));
  }

  /**
   * @dev Variant of {safeTransferFrom} that returns a bool instead of reverting if the operation is not successful.
   */
  function trySafeTransferFrom(
    IERC20 token,
    address from,
    address to,
    uint256 value
  ) internal returns (bool) {
    return _callOptionalReturnBool(token, abi.encodeCall(token.transferFrom, (from, to, value)));
  }

  /**
   * @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
   * non-reverting calls are assumed to be successful.
   *
   * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
   * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
   * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
   * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
   */
  function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
    uint256 oldAllowance = token.allowance(address(this), spender);
    forceApprove(token, spender, oldAllowance + value);
  }

  /**
   * @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
   * value, non-reverting calls are assumed to be successful.
   *
   * IMPORTANT: If the token implements ERC-7674 (ERC-20 with temporary allowance), and if the "client"
   * smart contract uses ERC-7674 to set temporary allowances, then the "client" smart contract should avoid using
   * this function. Performing a {safeIncreaseAllowance} or {safeDecreaseAllowance} operation on a token contract
   * that has a non-zero temporary allowance (for that particular owner-spender) will result in unexpected behavior.
   */
  function safeDecreaseAllowance(
    IERC20 token,
    address spender,
    uint256 requestedDecrease
  ) internal {
    unchecked {
      uint256 currentAllowance = token.allowance(address(this), spender);
      if (currentAllowance < requestedDecrease) {
        revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
      }
      forceApprove(token, spender, currentAllowance - requestedDecrease);
    }
  }

  /**
   * @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
   * non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
   * to be set to zero before setting it to a non-zero value, such as USDT.
   *
   * NOTE: If the token implements ERC-7674, this function will not modify any temporary allowance. This function
   * only sets the "standard" allowance. Any temporary allowance will remain active, in addition to the value being
   * set here.
   */
  function forceApprove(IERC20 token, address spender, uint256 value) internal {
    bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));

    if (!_callOptionalReturnBool(token, approvalCall)) {
      _callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
      _callOptionalReturn(token, approvalCall);
    }
  }

  /**
   * @dev Performs an {ERC1363} transferAndCall, with a fallback to the simple {ERC20} transfer if the target has no
   * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
   * targeting contracts.
   *
   * Reverts if the returned value is other than `true`.
   */
  function transferAndCallRelaxed(
    IERC1363 token,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      safeTransfer(token, to, value);
    } else if (!token.transferAndCall(to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Performs an {ERC1363} transferFromAndCall, with a fallback to the simple {ERC20} transferFrom if the target
   * has no code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
   * targeting contracts.
   *
   * Reverts if the returned value is other than `true`.
   */
  function transferFromAndCallRelaxed(
    IERC1363 token,
    address from,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      safeTransferFrom(token, from, to, value);
    } else if (!token.transferFromAndCall(from, to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Performs an {ERC1363} approveAndCall, with a fallback to the simple {ERC20} approve if the target has no
   * code. This can be used to implement an {ERC721}-like safe transfer that rely on {ERC1363} checks when
   * targeting contracts.
   *
   * NOTE: When the recipient address (`to`) has no code (i.e. is an EOA), this function behaves as {forceApprove}.
   * Opposedly, when the recipient address (`to`) has code, this function only attempts to call {ERC1363-approveAndCall}
   * once without retrying, and relies on the returned value to be true.
   *
   * Reverts if the returned value is other than `true`.
   */
  function approveAndCallRelaxed(
    IERC1363 token,
    address to,
    uint256 value,
    bytes memory data
  ) internal {
    if (to.code.length == 0) {
      forceApprove(token, to, value);
    } else if (!token.approveAndCall(to, value, data)) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
   * on the return value: the return value is optional (but if data is returned, it must not be false).
   * @param token The token targeted by the call.
   * @param data The call data (encoded using abi.encode or one of its variants).
   *
   * This is a variant of {_callOptionalReturnBool} that reverts if call fails to meet the requirements.
   */
  function _callOptionalReturn(IERC20 token, bytes memory data) private {
    uint256 returnSize;
    uint256 returnValue;
    assembly ('memory-safe') {
      let success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
      // bubble errors
      if iszero(success) {
        let ptr := mload(0x40)
        returndatacopy(ptr, 0, returndatasize())
        revert(ptr, returndatasize())
      }
      returnSize := returndatasize()
      returnValue := mload(0)
    }

    if (returnSize == 0 ? address(token).code.length == 0 : returnValue != 1) {
      revert SafeERC20FailedOperation(address(token));
    }
  }

  /**
   * @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
   * on the return value: the return value is optional (but if data is returned, it must not be false).
   * @param token The token targeted by the call.
   * @param data The call data (encoded using abi.encode or one of its variants).
   *
   * This is a variant of {_callOptionalReturn} that silently catches all reverts and returns a bool instead.
   */
  function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
    bool success;
    uint256 returnSize;
    uint256 returnValue;
    assembly ('memory-safe') {
      success := call(gas(), token, 0, add(data, 0x20), mload(data), 0, 0x20)
      returnSize := returndatasize()
      returnValue := mload(0)
    }
    return success && (returnSize == 0 ? address(token).code.length > 0 : returnValue == 1);
  }
}

0% src/dependencies/openzeppelin/SignatureChecker.sol

Lines covered: 0 / 14 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (utils/cryptography/SignatureChecker.sol)

pragma solidity ^0.8.24;

import {ECDSA} from './ECDSA.sol';
import {IERC1271} from './IERC1271.sol';
import {IERC7913SignatureVerifier} from './IERC7913.sol';
import {Bytes} from './Bytes.sol';

/**
 * @dev Signature verification helper that can be used instead of `ECDSA.recover` to seamlessly support:
 *
 * * ECDSA signatures from externally owned accounts (EOAs)
 * * ERC-1271 signatures from smart contract wallets like Argent and Safe Wallet (previously Gnosis Safe)
 * * ERC-7913 signatures from keys that do not have an Ethereum address of their own
 *
 * See https://eips.ethereum.org/EIPS/eip-1271[ERC-1271] and https://eips.ethereum.org/EIPS/eip-7913[ERC-7913].
 */
library SignatureChecker {
  using Bytes for bytes;

  /**
   * @dev Checks if a signature is valid for a given signer and data hash. If the signer has code, the
   * signature is validated against it using ERC-1271, otherwise it's validated using `ECDSA.recover`.
   *
   * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
   * change through time. It could return true at block N and false at block N+1 (or the opposite).
   *
   * NOTE: For an extended version of this function that supports ERC-7913 signatures, see {isValidSignatureNow-bytes-bytes32-bytes-}.
   */
  function isValidSignatureNow(
    address signer,
    bytes32 hash,
    bytes memory signature
  ) internal view returns (bool) {
    if (signer.code.length == 0) {
      (address recovered, ECDSA.RecoverError err, ) = ECDSA.tryRecover(hash, signature);
      return err == ECDSA.RecoverError.NoError && recovered == signer;
    } else {
      return isValidERC1271SignatureNow(signer, hash, signature);
    }
  }

  /**
   * @dev Checks if a signature is valid for a given signer and data hash. The signature is validated
   * against the signer smart contract using ERC-1271.
   *
   * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
   * change through time. It could return true at block N and false at block N+1 (or the opposite).
   */
  function isValidERC1271SignatureNow(
    address signer,
    bytes32 hash,
    bytes memory signature
  ) internal view returns (bool) {
    (bool success, bytes memory result) = signer.staticcall(
      abi.encodeCall(IERC1271.isValidSignature, (hash, signature))
    );
    return (success &&
      result.length >= 32 &&
      abi.decode(result, (bytes32)) == bytes32(IERC1271.isValidSignature.selector));
  }

  /**
   * @dev Verifies a signature for a given ERC-7913 signer and hash.
   *
   * The signer is a `bytes` object that is the concatenation of an address and optionally a key:
   * `verifier || key`. A signer must be at least 20 bytes long.
   *
   * Verification is done as follows:
   *
   * * If `signer.length < 20`: verification fails
   * * If `signer.length == 20`: verification is done using {isValidSignatureNow}
   * * Otherwise: verification is done using {IERC7913SignatureVerifier}
   *
   * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
   * change through time. It could return true at block N and false at block N+1 (or the opposite).
   */
  function isValidSignatureNow(
    bytes memory signer,
    bytes32 hash,
    bytes memory signature
  ) internal view returns (bool) {
    if (signer.length < 20) {
      return false;
    } else if (signer.length == 20) {
      return isValidSignatureNow(address(bytes20(signer)), hash, signature);
    } else {
      (bool success, bytes memory result) = address(bytes20(signer)).staticcall(
        abi.encodeCall(IERC7913SignatureVerifier.verify, (signer.slice(20), hash, signature))
      );
      return (success &&
        result.length >= 32 &&
        abi.decode(result, (bytes32)) == bytes32(IERC7913SignatureVerifier.verify.selector));
    }
  }

  /**
   * @dev Verifies multiple ERC-7913 `signatures` for a given `hash` using a set of `signers`.
   * Returns `false` if the number of signers and signatures is not the same.
   *
   * The signers should be ordered by their `keccak256` hash to ensure efficient duplication check. Unordered
   * signers are supported, but the uniqueness check will be more expensive.
   *
   * NOTE: Unlike ECDSA signatures, contract signatures are revocable, and the outcome of this function can thus
   * change through time. It could return true at block N and false at block N+1 (or the opposite).
   */
  function areValidSignaturesNow(
    bytes32 hash,
    bytes[] memory signers,
    bytes[] memory signatures
  ) internal view returns (bool) {
    if (signers.length != signatures.length) return false;

    bytes32 lastId = bytes32(0);

    for (uint256 i = 0; i < signers.length; ++i) {
      bytes memory signer = signers[i];

      // If one of the signatures is invalid, reject the batch
      if (!isValidSignatureNow(signer, hash, signatures[i])) return false;

      bytes32 id = keccak256(signer);
      // If the current signer ID is greater than all previous IDs, then this is a new signer.
      if (lastId < id) {
        lastId = id;
      } else {
        // If this signer id is not greater than all the previous ones, verify that it is not a duplicate of a previous one
        // This loop is never executed if the signers are ordered by id.
        for (uint256 j = 0; j < i; ++j) {
          if (id == keccak256(signers[j])) return false;
        }
      }
    }

    return true;
  }
}

0% src/dependencies/openzeppelin/SlotDerivation.sol

Lines covered: 0 / 6 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/SlotDerivation.sol)
// This file was procedurally generated from scripts/generate/templates/SlotDerivation.js.

pragma solidity ^0.8.20;

/**
 * @dev Library for computing storage (and transient storage) locations from namespaces and deriving slots
 * corresponding to standard patterns. The derivation method for array and mapping matches the storage layout used by
 * the solidity language / compiler.
 *
 * See https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_storage.html#mappings-and-dynamic-arrays[Solidity docs for mappings and dynamic arrays.].
 *
 * Example usage:
 * ```solidity
 * contract Example {
 *     // Add the library methods
 *     using StorageSlot for bytes32;
 *     using SlotDerivation for bytes32;
 *
 *     // Declare a namespace
 *     string private constant _NAMESPACE = "<namespace>"; // eg. OpenZeppelin.Slot
 *
 *     function setValueInNamespace(uint256 key, address newValue) internal {
 *         _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value = newValue;
 *     }
 *
 *     function getValueInNamespace(uint256 key) internal view returns (address) {
 *         return _NAMESPACE.erc7201Slot().deriveMapping(key).getAddressSlot().value;
 *     }
 * }
 * ```
 *
 * TIP: Consider using this library along with {StorageSlot}.
 *
 * NOTE: This library provides a way to manipulate storage locations in a non-standard way. Tooling for checking
 * upgrade safety will ignore the slots accessed through this library.
 *
 * _Available since v5.1._
 */
library SlotDerivation {
  /**
   * @dev Derive an ERC-7201 slot from a string (namespace).
   */
  function erc7201Slot(string memory namespace) internal pure returns (bytes32 slot) {
    assembly ('memory-safe') {
      mstore(0x00, sub(keccak256(add(namespace, 0x20), mload(namespace)), 1))
      slot := and(keccak256(0x00, 0x20), not(0xff))
    }
  }

  /**
   * @dev Add an offset to a slot to get the n-th element of a structure or an array.
   */
  function offset(bytes32 slot, uint256 pos) internal pure returns (bytes32 result) {
    unchecked {
      return bytes32(uint256(slot) + pos);
    }
  }

  /**
   * @dev Derive the location of the first element in an array from the slot where the length is stored.
   */
  function deriveArray(bytes32 slot) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, slot)
      result := keccak256(0x00, 0x20)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, address key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, and(key, shr(96, not(0))))
      mstore(0x20, slot)
      result := keccak256(0x00, 0x40)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, bool key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, iszero(iszero(key)))
      mstore(0x20, slot)
      result := keccak256(0x00, 0x40)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, bytes32 key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, key)
      mstore(0x20, slot)
      result := keccak256(0x00, 0x40)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, uint256 key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, key)
      mstore(0x20, slot)
      result := keccak256(0x00, 0x40)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, int256 key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      mstore(0x00, key)
      mstore(0x20, slot)
      result := keccak256(0x00, 0x40)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, string memory key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      let length := mload(key)
      let begin := add(key, 0x20)
      let end := add(begin, length)
      let cache := mload(end)
      mstore(end, slot)
      result := keccak256(begin, add(length, 0x20))
      mstore(end, cache)
    }
  }

  /**
   * @dev Derive the location of a mapping element from the key.
   */
  function deriveMapping(bytes32 slot, bytes memory key) internal pure returns (bytes32 result) {
    assembly ('memory-safe') {
      let length := mload(key)
      let begin := add(key, 0x20)
      let end := add(begin, length)
      let cache := mload(end)
      mstore(end, slot)
      result := keccak256(begin, add(length, 0x20))
      mstore(end, cache)
    }
  }
}

0% src/dependencies/openzeppelin/StorageSlot.sol

Lines covered: 0 / 4 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/StorageSlot.sol)
// This file was procedurally generated from scripts/generate/templates/StorageSlot.js.

pragma solidity ^0.8.20;

/**
 * @dev Library for reading and writing primitive types to specific storage slots.
 *
 * Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
 * This library helps with reading and writing to such slots without the need for inline assembly.
 *
 * The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
 *
 * Example usage to set ERC-1967 implementation slot:
 * ```solidity
 * contract ERC1967 {
 *     // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.
 *     bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
 *
 *     function _getImplementation() internal view returns (address) {
 *         return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
 *     }
 *
 *     function _setImplementation(address newImplementation) internal {
 *         require(newImplementation.code.length > 0);
 *         StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
 *     }
 * }
 * ```
 *
 * TIP: Consider using this library along with {SlotDerivation}.
 */
library StorageSlot {
  struct AddressSlot {
    address value;
  }

  struct BooleanSlot {
    bool value;
  }

  struct Bytes32Slot {
    bytes32 value;
  }

  struct Uint256Slot {
    uint256 value;
  }

  struct Int256Slot {
    int256 value;
  }

  struct StringSlot {
    string value;
  }

  struct BytesSlot {
    bytes value;
  }

  /**
   * @dev Returns an `AddressSlot` with member `value` located at `slot`.
   */
  function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns a `BooleanSlot` with member `value` located at `slot`.
   */
  function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns a `Bytes32Slot` with member `value` located at `slot`.
   */
  function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns a `Uint256Slot` with member `value` located at `slot`.
   */
  function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns a `Int256Slot` with member `value` located at `slot`.
   */
  function getInt256Slot(bytes32 slot) internal pure returns (Int256Slot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns a `StringSlot` with member `value` located at `slot`.
   */
  function getStringSlot(bytes32 slot) internal pure returns (StringSlot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns an `StringSlot` representation of the string storage pointer `store`.
   */
  function getStringSlot(string storage store) internal pure returns (StringSlot storage r) {
    assembly ('memory-safe') {
      r.slot := store.slot
    }
  }

  /**
   * @dev Returns a `BytesSlot` with member `value` located at `slot`.
   */
  function getBytesSlot(bytes32 slot) internal pure returns (BytesSlot storage r) {
    assembly ('memory-safe') {
      r.slot := slot
    }
  }

  /**
   * @dev Returns an `BytesSlot` representation of the bytes storage pointer `store`.
   */
  function getBytesSlot(bytes storage store) internal pure returns (BytesSlot storage r) {
    assembly ('memory-safe') {
      r.slot := store.slot
    }
  }
}

54% src/dependencies/openzeppelin/Time.sol

Lines covered: 12 / 22 (54%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/types/Time.sol)

pragma solidity ^0.8.20;

import {Math} from './Math.sol';
import {SafeCast} from './SafeCast.sol';

/**
 * @dev This library provides helpers for manipulating time-related objects.
 *
 * It uses the following types:
 * - `uint48` for timepoints
 * - `uint32` for durations
 *
 * While the library doesn't provide specific types for timepoints and duration, it does provide:
 * - a `Delay` type to represent duration that can be programmed to change value automatically at a given point
 * - additional helper functions
 */
library Time {
  using Time for *;

  /**
   * @dev Get the block timestamp as a Timepoint.
   */
  function timestamp() internal view returns (uint48) {
    return SafeCast.toUint48(block.timestamp);
  }

  /**
   * @dev Get the block number as a Timepoint.
   */
  function blockNumber() internal view returns (uint48) {
    return SafeCast.toUint48(block.number);
  }

  // ==================================================== Delay =====================================================
  /**
   * @dev A `Delay` is a uint32 duration that can be programmed to change value automatically at a given point in the
   * future. The "effect" timepoint describes when the transitions happens from the "old" value to the "new" value.
   * This allows updating the delay applied to some operation while keeping some guarantees.
   *
   * In particular, the {update} function guarantees that if the delay is reduced, the old delay still applies for
   * some time. For example if the delay is currently 7 days to do an upgrade, the admin should not be able to set
   * the delay to 0 and upgrade immediately. If the admin wants to reduce the delay, the old delay (7 days) should
   * still apply for some time.
   *
   *
   * The `Delay` type is 112 bits long, and packs the following:
   *
   * ```
   *   | [uint48]: effect date (timepoint)
   *   |           | [uint32]: value before (duration)
   *   ↓           ↓       ↓ [uint32]: value after (duration)
   * 0xAAAAAAAAAAAABBBBBBBBCCCCCCCC
   * ```
   *
   * NOTE: The {get} and {withUpdate} functions operate using timestamps. Block number based delays are not currently
   * supported.
   */
  type Delay is uint112;

  /**
   * @dev Wrap a duration into a Delay to add the one-step "update in the future" feature
   */
  function toDelay(uint32 duration) internal pure returns (Delay) {
    return Delay.wrap(duration);
  }

  /**
   * @dev Get the value at a given timepoint plus the pending value and effect timepoint if there is a scheduled
   * change after this timepoint. If the effect timepoint is 0, then the pending value should not be considered.
   */
  function _getFullAt(
    Delay self,
    uint48 timepoint
  ) private pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {
    (valueBefore, valueAfter, effect) = self.unpack();
    return effect <= timepoint ? (valueAfter, 0, 0) : (valueBefore, valueAfter, effect);
  }

  /**
   * @dev Get the current value plus the pending value and effect timepoint if there is a scheduled change. If the
   * effect timepoint is 0, then the pending value should not be considered.
   */
  function getFull(
    Delay self
  ) internal view returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {
    return _getFullAt(self, timestamp());
  }

  /**
   * @dev Get the current value.
   */
  function get(Delay self) internal view returns (uint32) {
    (uint32 delay, , ) = self.getFull();
    return delay;
  }

  /**
   * @dev Update a Delay object so that it takes a new duration after a timepoint that is automatically computed to
   * enforce the old delay at the moment of the update. Returns the updated Delay object and the timestamp when the
   * new delay becomes effective.
   */
  function withUpdate(
    Delay self,
    uint32 newValue,
    uint32 minSetback
  ) internal view returns (Delay updatedDelay, uint48 effect) {
    uint32 value = self.get();
    uint32 setback = uint32(Math.max(minSetback, value > newValue ? value - newValue : 0));
    effect = timestamp() + setback;
    return (pack(value, newValue, effect), effect);
  }

  /**
   * @dev Split a delay into its components: valueBefore, valueAfter and effect (transition timepoint).
   */
  function unpack(
    Delay self
  ) internal pure returns (uint32 valueBefore, uint32 valueAfter, uint48 effect) {
    uint112 raw = Delay.unwrap(self);

    valueAfter = uint32(raw);
    valueBefore = uint32(raw >> 32);
    effect = uint48(raw >> 64);

    return (valueBefore, valueAfter, effect);
  }

  /**
   * @dev pack the components into a Delay object.
   */
  function pack(
    uint32 valueBefore,
    uint32 valueAfter,
    uint48 effect
  ) internal pure returns (Delay) {
    return Delay.wrap((uint112(effect) << 64) | (uint112(valueBefore) << 32) | uint112(valueAfter));
  }
}

0% src/dependencies/openzeppelin/TransientSlot.sol

Lines covered: 0 / 5 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/TransientSlot.sol)
// This file was procedurally generated from scripts/generate/templates/TransientSlot.js.

pragma solidity ^0.8.24;

/**
 * @dev Library for reading and writing value-types to specific transient storage slots.
 *
 * Transient slots are often used to store temporary values that are removed after the current transaction.
 * This library helps with reading and writing to such slots without the need for inline assembly.
 *
 *  * Example reading and writing values using transient storage:
 * ```solidity
 * contract Lock {
 *     using TransientSlot for *;
 *
 *     // Define the slot. Alternatively, use the SlotDerivation library to derive the slot.
 *     bytes32 internal constant _LOCK_SLOT = 0xf4678858b2b588224636b8522b729e7722d32fc491da849ed75b3fdf3c84f542;
 *
 *     modifier locked() {
 *         require(!_LOCK_SLOT.asBoolean().tload());
 *
 *         _LOCK_SLOT.asBoolean().tstore(true);
 *         _;
 *         _LOCK_SLOT.asBoolean().tstore(false);
 *     }
 * }
 * ```
 *
 * TIP: Consider using this library along with {SlotDerivation}.
 */
library TransientSlot {
  /**
   * @dev UDVT that represents a slot holding an address.
   */
  type AddressSlot is bytes32;

  /**
   * @dev Cast an arbitrary slot to a AddressSlot.
   */
  function asAddress(bytes32 slot) internal pure returns (AddressSlot) {
    return AddressSlot.wrap(slot);
  }

  /**
   * @dev UDVT that represents a slot holding a bool.
   */
  type BooleanSlot is bytes32;

  /**
   * @dev Cast an arbitrary slot to a BooleanSlot.
   */
  function asBoolean(bytes32 slot) internal pure returns (BooleanSlot) {
    return BooleanSlot.wrap(slot);
  }

  /**
   * @dev UDVT that represents a slot holding a bytes32.
   */
  type Bytes32Slot is bytes32;

  /**
   * @dev Cast an arbitrary slot to a Bytes32Slot.
   */
  function asBytes32(bytes32 slot) internal pure returns (Bytes32Slot) {
    return Bytes32Slot.wrap(slot);
  }

  /**
   * @dev UDVT that represents a slot holding a uint256.
   */
  type Uint256Slot is bytes32;

  /**
   * @dev Cast an arbitrary slot to a Uint256Slot.
   */
  function asUint256(bytes32 slot) internal pure returns (Uint256Slot) {
    return Uint256Slot.wrap(slot);
  }

  /**
   * @dev UDVT that represents a slot holding a int256.
   */
  type Int256Slot is bytes32;

  /**
   * @dev Cast an arbitrary slot to a Int256Slot.
   */
  function asInt256(bytes32 slot) internal pure returns (Int256Slot) {
    return Int256Slot.wrap(slot);
  }

  /**
   * @dev Load the value held at location `slot` in transient storage.
   */
  function tload(AddressSlot slot) internal view returns (address value) {
    assembly ('memory-safe') {
      value := tload(slot)
    }
  }

  /**
   * @dev Store `value` at location `slot` in transient storage.
   */
  function tstore(AddressSlot slot, address value) internal {
    assembly ('memory-safe') {
      tstore(slot, value)
    }
  }

  /**
   * @dev Load the value held at location `slot` in transient storage.
   */
  function tload(BooleanSlot slot) internal view returns (bool value) {
    assembly ('memory-safe') {
      value := tload(slot)
    }
  }

  /**
   * @dev Store `value` at location `slot` in transient storage.
   */
  function tstore(BooleanSlot slot, bool value) internal {
    assembly ('memory-safe') {
      tstore(slot, value)
    }
  }

  /**
   * @dev Load the value held at location `slot` in transient storage.
   */
  function tload(Bytes32Slot slot) internal view returns (bytes32 value) {
    assembly ('memory-safe') {
      value := tload(slot)
    }
  }

  /**
   * @dev Store `value` at location `slot` in transient storage.
   */
  function tstore(Bytes32Slot slot, bytes32 value) internal {
    assembly ('memory-safe') {
      tstore(slot, value)
    }
  }

  /**
   * @dev Load the value held at location `slot` in transient storage.
   */
  function tload(Uint256Slot slot) internal view returns (uint256 value) {
    assembly ('memory-safe') {
      value := tload(slot)
    }
  }

  /**
   * @dev Store `value` at location `slot` in transient storage.
   */
  function tstore(Uint256Slot slot, uint256 value) internal {
    assembly ('memory-safe') {
      tstore(slot, value)
    }
  }

  /**
   * @dev Load the value held at location `slot` in transient storage.
   */
  function tload(Int256Slot slot) internal view returns (int256 value) {
    assembly ('memory-safe') {
      value := tload(slot)
    }
  }

  /**
   * @dev Store `value` at location `slot` in transient storage.
   */
  function tstore(Int256Slot slot, int256 value) internal {
    assembly ('memory-safe') {
      tstore(slot, value)
    }
  }
}

0% src/dependencies/openzeppelin/TransparentUpgradeableProxy.sol

Lines covered: 0 / 16 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.2.0) (proxy/transparent/TransparentUpgradeableProxy.sol)

pragma solidity ^0.8.22;

import {ERC1967Utils} from './ERC1967Utils.sol';
import {ERC1967Proxy} from './ERC1967Proxy.sol';
import {IERC1967} from './IERC1967.sol';
import {ProxyAdmin} from './ProxyAdmin.sol';

/**
 * @dev Interface for {TransparentUpgradeableProxy}. In order to implement transparency, {TransparentUpgradeableProxy}
 * does not implement this interface directly, and its upgradeability mechanism is implemented by an internal dispatch
 * mechanism. The compiler is unaware that these functions are implemented by {TransparentUpgradeableProxy} and will not
 * include them in the ABI so this interface must be used to interact with it.
 */
interface ITransparentUpgradeableProxy is IERC1967 {
  /// @dev See {UUPSUpgradeable-upgradeToAndCall}
  function upgradeToAndCall(address newImplementation, bytes calldata data) external payable;
}

/**
 * @dev This contract implements a proxy that is upgradeable through an associated {ProxyAdmin} instance.
 *
 * To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
 * clashing], which can potentially be used in an attack, this contract uses the
 * https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
 * things that go hand in hand:
 *
 * 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
 * that call matches the {ITransparentUpgradeableProxy-upgradeToAndCall} function exposed by the proxy itself.
 * 2. If the admin calls the proxy, it can call the `upgradeToAndCall` function but any other call won't be forwarded to
 * the implementation. If the admin tries to call a function on the implementation it will fail with an error indicating
 * the proxy admin cannot fallback to the target implementation.
 *
 * These properties mean that the admin account can only be used for upgrading the proxy, so it's best if it's a
 * dedicated account that is not used for anything else. This will avoid headaches due to sudden errors when trying to
 * call a function from the proxy implementation. For this reason, the proxy deploys an instance of {ProxyAdmin} and
 * allows upgrades only if they come through it. You should think of the `ProxyAdmin` instance as the administrative
 * interface of the proxy, including the ability to change who can trigger upgrades by transferring ownership.
 *
 * NOTE: The real interface of this proxy is that defined in `ITransparentUpgradeableProxy`. This contract does not
 * inherit from that interface, and instead `upgradeToAndCall` is implicitly implemented using a custom dispatch
 * mechanism in `_fallback`. Consequently, the compiler will not produce an ABI for this contract. This is necessary to
 * fully implement transparency without decoding reverts caused by selector clashes between the proxy and the
 * implementation.
 *
 * NOTE: This proxy does not inherit from {Context} deliberately. The {ProxyAdmin} of this contract won't send a
 * meta-transaction in any way, and any other meta-transaction setup should be made in the implementation contract.
 *
 * IMPORTANT: This contract avoids unnecessary storage reads by setting the admin only during construction as an
 * immutable variable, preventing any changes thereafter. However, the admin slot defined in ERC-1967 can still be
 * overwritten by the implementation logic pointed to by this proxy. In such cases, the contract may end up in an
 * undesirable state where the admin slot is different from the actual admin. Relying on the value of the admin slot
 * is generally fine if the implementation is trusted.
 *
 * WARNING: It is not recommended to extend this contract to add additional external functions. If you do so, the
 * compiler will not check that there are no selector conflicts, due to the note above. A selector clash between any new
 * function and the functions declared in {ITransparentUpgradeableProxy} will be resolved in favor of the new one. This
 * could render the `upgradeToAndCall` function inaccessible, preventing upgradeability and compromising transparency.
 */
contract TransparentUpgradeableProxy is ERC1967Proxy {
  // An immutable address for the admin to avoid unnecessary SLOADs before each call
  // at the expense of removing the ability to change the admin once it's set.
  // This is acceptable if the admin is always a ProxyAdmin instance or similar contract
  // with its own ability to transfer the permissions to another account.
  address private immutable _admin;

  /**
   * @dev The proxy caller is the current admin, and can't fallback to the proxy target.
   */
  error ProxyDeniedAdminAccess();

  /**
   * @dev Initializes an upgradeable proxy managed by an instance of a {ProxyAdmin} with an `initialOwner`,
   * backed by the implementation at `_logic`, and optionally initialized with `_data` as explained in
   * {ERC1967Proxy-constructor}.
   */
  constructor(
    address _logic,
    address initialOwner,
    bytes memory _data
  ) payable ERC1967Proxy(_logic, _data) {
    _admin = address(new ProxyAdmin(initialOwner));
    // Set the storage value and emit an event for ERC-1967 compatibility
    ERC1967Utils.changeAdmin(_proxyAdmin());
  }

  /**
   * @dev Returns the admin of this proxy.
   */
  function _proxyAdmin() internal view virtual returns (address) {
    return _admin;
  }

  /**
   * @dev If caller is the admin process the call internally, otherwise transparently fallback to the proxy behavior.
   */
  function _fallback() internal virtual override {
    if (msg.sender == _proxyAdmin()) {
      if (msg.sig != ITransparentUpgradeableProxy.upgradeToAndCall.selector) {
        revert ProxyDeniedAdminAccess();
      } else {
        _dispatchUpgradeToAndCall();
      }
    } else {
      super._fallback();
    }
  }

  /**
   * @dev Upgrade the implementation of the proxy. See {ERC1967Utils-upgradeToAndCall}.
   *
   * Requirements:
   *
   * - If `data` is empty, `msg.value` must be zero.
   */
  function _dispatchUpgradeToAndCall() private {
    (address newImplementation, bytes memory data) = abi.decode(msg.data[4:], (address, bytes));
    ERC1967Utils.upgradeToAndCall(newImplementation, data);
  }
}

47% src/dependencies/openzeppelin-upgradeable/AccessManagedUpgradeable.sol

Lines covered: 17 / 36 (47%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.4.0) (access/manager/AccessManaged.sol)

pragma solidity ^0.8.20;

import {AuthorityUtils} from 'src/dependencies/openzeppelin/AuthorityUtils.sol';
import {IAccessManager} from 'src/dependencies/openzeppelin/IAccessManager.sol';
import {IAccessManaged} from 'src/dependencies/openzeppelin/IAccessManaged.sol';
import {ContextUpgradeable} from './ContextUpgradeable.sol';
import {Initializable} from './Initializable.sol';

/**
 * @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be
 * permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface,
 * implementing a policy that allows certain callers to access certain functions.
 *
 * IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public`
 * functions, and ideally only used in `external` functions. See {restricted}.
 */
abstract contract AccessManagedUpgradeable is Initializable, ContextUpgradeable, IAccessManaged {
  /// @custom:storage-location erc7201:openzeppelin.storage.AccessManaged
  struct AccessManagedStorage {
    address _authority;
    bool _consumingSchedule;
  }

  // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessManaged")) - 1)) & ~bytes32(uint256(0xff))
  bytes32 private constant AccessManagedStorageLocation =
    0xf3177357ab46d8af007ab3fdb9af81da189e1068fefdc0073dca88a2cab40a00;

  function _getAccessManagedStorage() private pure returns (AccessManagedStorage storage $) {
    assembly {
      $.slot := AccessManagedStorageLocation
    }
  }

  /**
   * @dev Initializes the contract connected to an initial authority.
   */
  function __AccessManaged_init(address initialAuthority) internal onlyInitializing {
    __AccessManaged_init_unchained(initialAuthority);
  }

  function __AccessManaged_init_unchained(address initialAuthority) internal onlyInitializing {
    _setAuthority(initialAuthority);
  }

  /**
   * @dev Restricts access to a function as defined by the connected Authority for this contract and the
   * caller and selector of the function that entered the contract.
   *
   * [IMPORTANT]
   * ====
   * In general, this modifier should only be used on `external` functions. It is okay to use it on `public`
   * functions that are used as external entry points and are not called internally. Unless you know what you're
   * doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security
   * implications! This is because the permissions are determined by the function that entered the contract, i.e. the
   * function at the bottom of the call stack, and not the function where the modifier is visible in the source code.
   * ====
   *
   * [WARNING]
   * ====
   * Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`]
   * function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These
   * functions are the only execution paths where a function selector cannot be unambiguously determined from the calldata
   * since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function
   * if no calldata is provided. (See {_checkCanCall}).
   *
   * The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length.
   * ====
   */
  modifier restricted() {
    _checkCanCall(_msgSender(), _msgData());
    _;
  }

  /// @inheritdoc IAccessManaged
  function authority() public view virtual returns (address) {
    AccessManagedStorage storage $ = _getAccessManagedStorage();
    return $._authority;
  }

  /// @inheritdoc IAccessManaged
  function setAuthority(address newAuthority) public virtual {
    address caller = _msgSender();
    if (caller != authority()) {
      revert AccessManagedUnauthorized(caller);
    }
    if (newAuthority.code.length == 0) {
      revert AccessManagedInvalidAuthority(newAuthority);
    }
    _setAuthority(newAuthority);
  }

  /// @inheritdoc IAccessManaged
  function isConsumingScheduledOp() public view returns (bytes4) {
    AccessManagedStorage storage $ = _getAccessManagedStorage();
    return $._consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
  }

  /**
   * @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the
   * permissions set by the current authority.
   */
  function _setAuthority(address newAuthority) internal virtual {
    AccessManagedStorage storage $ = _getAccessManagedStorage();
    $._authority = newAuthority;
    emit AuthorityUpdated(newAuthority);
  }

  /**
   * @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
   * is less than 4 bytes long.
   */
  function _checkCanCall(address caller, bytes calldata data) internal virtual {
    AccessManagedStorage storage $ = _getAccessManagedStorage();
    (bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
      authority(),
      caller,
      address(this),
      bytes4(data[0:4])
    );
    if (!immediate) {
      if (delay > 0) {
        $._consumingSchedule = true;
        IAccessManager(authority()).consumeScheduledOp(caller, data);
        $._consumingSchedule = false;
      } else {
        revert AccessManagedUnauthorized(caller);
      }
    }
  }
}

100% src/dependencies/openzeppelin-upgradeable/ContextUpgradeable.sol

Lines covered: 3 / 3 (100%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;
import {Initializable} from './Initializable.sol';

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

0% src/dependencies/openzeppelin-upgradeable/Initializable.sol

Lines covered: 0 / 24 (0%)

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (proxy/utils/Initializable.sol)

pragma solidity ^0.8.20;

/**
 * @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
 * behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
 * external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
 * function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
 *
 * The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
 * reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
 * case an upgrade adds a module that needs to be initialized.
 *
 * For example:
 *
 * [.hljs-theme-light.nopadding]
 * ```solidity
 * contract MyToken is ERC20Upgradeable {
 *     function initialize() initializer public {
 *         __ERC20_init("MyToken", "MTK");
 *     }
 * }
 *
 * contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
 *     function initializeV2() reinitializer(2) public {
 *         __ERC20Permit_init("MyToken");
 *     }
 * }
 * ```
 *
 * TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
 * possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
 *
 * CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
 * that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
 *
 * [CAUTION]
 * ====
 * Avoid leaving a contract uninitialized.
 *
 * An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
 * contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
 * the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
 *
 * [.hljs-theme-light.nopadding]
 * ```
 * /// @custom:oz-upgrades-unsafe-allow constructor
 * constructor() {
 *     _disableInitializers();
 * }
 * ```
 * ====
 */
abstract contract Initializable {
  /**
   * @dev Storage of the initializable contract.
   *
   * It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
   * when using with upgradeable contracts.
   *
   * @custom:storage-location erc7201:openzeppelin.storage.Initializable
   */
  struct InitializableStorage {
    /**
     * @dev Indicates that the contract has been initialized.
     */
    uint64 _initialized;
    /**
     * @dev Indicates that the contract is in the process of being initialized.
     */
    bool _initializing;
  }

  // keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
  bytes32 private constant INITIALIZABLE_STORAGE =
    0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;

  /**
   * @dev The contract is already initialized.
   */
  error InvalidInitialization();

  /**
   * @dev The contract is not initializing.
   */
  error NotInitializing();

  /**
   * @dev Triggered when the contract has been initialized or reinitialized.
   */
  event Initialized(uint64 version);

  /**
   * @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
   * `onlyInitializing` functions can be used to initialize parent contracts.
   *
   * Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
   * number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
   * production.
   *
   * Emits an {Initialized} event.
   */
  modifier initializer() {
    // solhint-disable-next-line var-name-mixedcase
    InitializableStorage storage $ = _getInitializableStorage();

    // Cache values to avoid duplicated sloads
    bool isTopLevelCall = !$._initializing;
    uint64 initialized = $._initialized;

    // Allowed calls:
    // - initialSetup: the contract is not in the initializing state and no previous version was
    //                 initialized
    // - construction: the contract is initialized at version 1 (no reinitialization) and the
    //                 current contract is just being deployed
    bool initialSetup = initialized == 0 && isTopLevelCall;
    bool construction = initialized == 1 && address(this).code.length == 0;

    if (!initialSetup && !construction) {
      revert InvalidInitialization();
    }
    $._initialized = 1;
    if (isTopLevelCall) {
      $._initializing = true;
    }
    _;
    if (isTopLevelCall) {
      $._initializing = false;
      emit Initialized(1);
    }
  }

  /**
   * @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
   * contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
   * used to initialize parent contracts.
   *
   * A reinitializer may be used after the original initialization step. This is essential to configure modules that
   * are added through upgrades and that require initialization.
   *
   * When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
   * cannot be nested. If one is invoked in the context of another, execution will revert.
   *
   * Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
   * a contract, executing them in the right order is up to the developer or operator.
   *
   * WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
   *
   * Emits an {Initialized} event.
   */
  modifier reinitializer(uint64 version) {
    // solhint-disable-next-line var-name-mixedcase
    InitializableStorage storage $ = _getInitializableStorage();

    if ($._initializing || $._initialized >= version) {
      revert InvalidInitialization();
    }
    $._initialized = version;
    $._initializing = true;
    _;
    $._initializing = false;
    emit Initialized(version);
  }

  /**
   * @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
   * {initializer} and {reinitializer} modifiers, directly or indirectly.
   */
  modifier onlyInitializing() {
    _checkInitializing();
    _;
  }

  /**
   * @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
   */
  function _checkInitializing() internal view virtual {
    if (!_isInitializing()) {
      revert NotInitializing();
    }
  }

  /**
   * @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
   * Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
   * to any version. It is recommended to use this to lock implementation contracts that are designed to be called
   * through proxies.
   *
   * Emits an {Initialized} event the first time it is successfully executed.
   */
  function _disableInitializers() internal virtual {
    // solhint-disable-next-line var-name-mixedcase
    InitializableStorage storage $ = _getInitializableStorage();

    if ($._initializing) {
      revert InvalidInitialization();
    }
    if ($._initialized != type(uint64).max) {
      $._initialized = type(uint64).max;
      emit Initialized(type(uint64).max);
    }
  }

  /**
   * @dev Returns the highest version that has been initialized. See {reinitializer}.
   */
  function _getInitializedVersion() internal view returns (uint64) {
    return _getInitializableStorage()._initialized;
  }

  /**
   * @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
   */
  function _isInitializing() internal view returns (bool) {
    return _getInitializableStorage()._initializing;
  }

  /**
   * @dev Pointer to storage slot. Allows integrators to override it with a custom storage location.
   *
   * NOTE: Consider following the ERC-7201 formula to derive storage locations.
   */
  function _initializableStorageSlot() internal pure virtual returns (bytes32) {
    return INITIALIZABLE_STORAGE;
  }

  /**
   * @dev Returns a pointer to the storage namespace.
   */
  // solhint-disable-next-line var-name-mixedcase
  function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
    bytes32 slot = _initializableStorageSlot();
    assembly {
      $.slot := slot
    }
  }
}

34% src/dependencies/solady/EIP712.sol

Lines covered: 16 / 47 (34%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

/// @notice Contract for EIP-712 typed structured data hashing and signing.
/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/EIP712.sol)
/// @author Modified from Solbase (https://github.com/Sol-DAO/solbase/blob/main/src/utils/EIP712.sol)
/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/EIP712.sol)
///
/// @dev Note, this implementation:
/// - Uses `address(this)` for the `verifyingContract` field.
/// - Does NOT use the optional EIP-712 salt.
/// - Does NOT use any EIP-712 extensions.
/// This is for simplicity and to save gas.
/// If you need to customize, please fork / modify accordingly.
abstract contract EIP712 {
  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                  CONSTANTS AND IMMUTABLES                  */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev `keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")`.
  bytes32 internal constant _DOMAIN_TYPEHASH =
    0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;

  uint256 private immutable _cachedThis;
  uint256 private immutable _cachedChainId;
  bytes32 private immutable _cachedNameHash;
  bytes32 private immutable _cachedVersionHash;
  bytes32 private immutable _cachedDomainSeparator;

  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                        CONSTRUCTOR                         */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev Cache the hashes for cheaper runtime gas costs.
  /// In the case of upgradeable contracts (i.e. proxies),
  /// or if the chain id changes due to a hard fork,
  /// the domain separator will be seamlessly calculated on-the-fly.
  constructor() {
    _cachedThis = uint256(uint160(address(this)));
    _cachedChainId = block.chainid;

    string memory name;
    string memory version;
    if (!_domainNameAndVersionMayChange()) (name, version) = _domainNameAndVersion();
    bytes32 nameHash = _domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(name));
    bytes32 versionHash = _domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(version));
    _cachedNameHash = nameHash;
    _cachedVersionHash = versionHash;

    bytes32 separator;
    if (!_domainNameAndVersionMayChange()) {
      /// @solidity memory-safe-assembly
      assembly {
        let m := mload(0x40) // Load the free memory pointer.
        mstore(m, _DOMAIN_TYPEHASH)
        mstore(add(m, 0x20), nameHash)
        mstore(add(m, 0x40), versionHash)
        mstore(add(m, 0x60), chainid())
        mstore(add(m, 0x80), address())
        separator := keccak256(m, 0xa0)
      }
    }
    _cachedDomainSeparator = separator;
  }

  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                   FUNCTIONS TO OVERRIDE                    */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev Please override this function to return the domain name and version.
  /// ```
  ///     function _domainNameAndVersion()
  ///         internal
  ///         pure
  ///         virtual
  ///         returns (string memory name, string memory version)
  ///     {
  ///         name = "Solady";
  ///         version = "1";
  ///     }
  /// ```
  ///
  /// Note: If the returned result may change after the contract has been deployed,
  /// you must override `_domainNameAndVersionMayChange()` to return true.
  function _domainNameAndVersion()
    internal
    view
    virtual
    returns (string memory name, string memory version);

  /// @dev Returns if `_domainNameAndVersion()` may change
  /// after the contract has been deployed (i.e. after the constructor).
  /// Default: false.
  function _domainNameAndVersionMayChange() internal pure virtual returns (bool result) {}

  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                     HASHING OPERATIONS                     */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev Returns the EIP-712 domain separator.
  function _domainSeparator() internal view virtual returns (bytes32 separator) {
    if (_domainNameAndVersionMayChange()) {
      separator = _buildDomainSeparator();
    } else {
      separator = _cachedDomainSeparator;
      if (_cachedDomainSeparatorInvalidated()) separator = _buildDomainSeparator();
    }
  }

  /// @dev Returns the hash of the fully encoded EIP-712 message for this domain,
  /// given `structHash`, as defined in
  /// https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.
  ///
  /// The hash can be used together with {ECDSA-recover} to obtain the signer of a message:
  /// ```
  ///     bytes32 digest = _hashTypedData(keccak256(abi.encode(
  ///         keccak256("Mail(address to,string contents)"),
  ///         mailTo,
  ///         keccak256(bytes(mailContents))
  ///     )));
  ///     address signer = ECDSA.recover(digest, signature);
  /// ```
  function _hashTypedData(bytes32 structHash) internal view virtual returns (bytes32 digest) {
    // We will use `digest` to store the domain separator to save a bit of gas.
    if (_domainNameAndVersionMayChange()) {
      digest = _buildDomainSeparator();
    } else {
      digest = _cachedDomainSeparator;
      if (_cachedDomainSeparatorInvalidated()) digest = _buildDomainSeparator();
    }
    /// @solidity memory-safe-assembly
    assembly {
      // Compute the digest.
      mstore(0x00, 0x1901000000000000) // Store "\x19\x01".
      mstore(0x1a, digest) // Store the domain separator.
      mstore(0x3a, structHash) // Store the struct hash.
      digest := keccak256(0x18, 0x42)
      // Restore the part of the free memory slot that was overwritten.
      mstore(0x3a, 0)
    }
  }

  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                    EIP-5267 OPERATIONS                     */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev See: https://eips.ethereum.org/EIPS/eip-5267
  function eip712Domain()
    public
    view
    virtual
    returns (
      bytes1 fields,
      string memory name,
      string memory version,
      uint256 chainId,
      address verifyingContract,
      bytes32 salt,
      uint256[] memory extensions
    )
  {
    fields = hex'0f'; // `0b01111`.
    (name, version) = _domainNameAndVersion();
    chainId = block.chainid;
    verifyingContract = address(this);
    salt = salt; // `bytes32(0)`.
    extensions = extensions; // `new uint256[](0)`.
  }

  /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
  /*                      PRIVATE HELPERS                       */
  /*.•°:°.´+˚.*°.˚:*.´•*.+°.•°:´*.´•*.•°.•°:°.´:•˚°.*°.˚:*.´+°.•*/

  /// @dev Returns the EIP-712 domain separator.
  function _buildDomainSeparator() private view returns (bytes32 separator) {
    // We will use `separator` to store the name hash to save a bit of gas.
    bytes32 versionHash;
    if (_domainNameAndVersionMayChange()) {
      (string memory name, string memory version) = _domainNameAndVersion();
      separator = keccak256(bytes(name));
      versionHash = keccak256(bytes(version));
    } else {
      separator = _cachedNameHash;
      versionHash = _cachedVersionHash;
    }
    /// @solidity memory-safe-assembly
    assembly {
      let m := mload(0x40) // Load the free memory pointer.
      mstore(m, _DOMAIN_TYPEHASH)
      mstore(add(m, 0x20), separator) // Name hash.
      mstore(add(m, 0x40), versionHash)
      mstore(add(m, 0x60), chainid())
      mstore(add(m, 0x80), address())
      separator := keccak256(m, 0xa0)
    }
  }

  /// @dev Returns if the cached domain separator has been invalidated.
  function _cachedDomainSeparatorInvalidated() private view returns (bool result) {
    uint256 cachedChainId = _cachedChainId;
    uint256 cachedThis = _cachedThis;
    /// @solidity memory-safe-assembly
    assembly {
      result := iszero(and(eq(chainid(), cachedChainId), eq(address(), cachedThis)))
    }
  }
}

94% src/dependencies/solady/LibBit.sol

Lines covered: 16 / 17 (94%)

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// trimmed https://github.com/Vectorized/solady/blob/ba711c9fa6a2dc7b2b7707f7fe136b5133379c03/src/utils/LibBit.sol

/// @notice Library for bit twiddling and boolean operations.
/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/LibBit.sol)
/// @author Inspired by (https://graphics.stanford.edu/~seander/bithacks.html)
library LibBit {
  /// @dev Returns the number of set bits in `x`.
  function popCount(uint256 x) internal pure returns (uint256 c) {
    /// @solidity memory-safe-assembly
    assembly {
      let max := not(0)
      let isMax := eq(x, max)
      x := sub(x, and(shr(1, x), div(max, 3)))
      x := add(and(x, div(max, 5)), and(shr(2, x), div(max, 5)))
      x := and(add(x, shr(4, x)), div(max, 17))
      c := or(shl(8, isMax), shr(248, mul(x, div(max, 255))))
    }
  }

  /// @dev Find last set.
  /// Returns the index of the most significant bit of `x`,
  /// counting from the least significant bit position.
  /// If `x` is zero, returns 256.
  function fls(uint256 x) internal pure returns (uint256 r) {
    /// @solidity memory-safe-assembly
    assembly {
      r := or(shl(8, iszero(x)), shl(7, lt(0xffffffffffffffffffffffffffffffff, x)))
      r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
      r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
      r := or(r, shl(4, lt(0xffff, shr(r, x))))
      r := or(r, shl(3, lt(0xff, shr(r, x))))
      // forgefmt: disable-next-item
      r := or(
        r,
        byte(
          and(0x1f, shr(shr(r, x), 0x8421084210842108cc6318c6db6d54be)),
          0x0706060506020504060203020504030106050205030304010505030400000000
        )
      )
    }
  }
}

56% src/dependencies/weth/WETH9.sol

Lines covered: 18 / 32 (56%)

// Copyright (C) 2015, 2016, 2017 Dapphub

// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.

// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

pragma solidity ^0.8.20;

contract WETH9 {
  string public name = 'Wrapped Ether';
  string public symbol = 'WETH';
  uint8 public decimals = 18;

  event Approval(address indexed src, address indexed guy, uint256 wad);
  event Transfer(address indexed src, address indexed dst, uint256 wad);
  event Deposit(address indexed dst, uint256 wad);
  event Withdrawal(address indexed src, uint256 wad);

  mapping(address => uint256) public balanceOf;
  mapping(address => mapping(address => uint256)) public allowance;

  error InsufficientBalance();
  error InsufficientAllowance();

  receive() external payable {
    deposit();
  }

  function deposit() public payable {
    balanceOf[msg.sender] += msg.value;
    emit Deposit(msg.sender, msg.value);
  }

  function withdraw(uint256 wad) public {
    require(balanceOf[msg.sender] >= wad);
    balanceOf[msg.sender] -= wad;
    payable(msg.sender).transfer(wad);
    emit Withdrawal(msg.sender, wad);
  }

  function totalSupply() public view returns (uint256) {
    return address(this).balance;
  }

  function approve(address guy, uint256 wad) public returns (bool) {
    allowance[msg.sender][guy] = wad;
    emit Approval(msg.sender, guy, wad);
    return true;
  }

  function transfer(address dst, uint256 wad) public returns (bool) {
    return transferFrom(msg.sender, dst, wad);
  }

  function transferFrom(address src, address dst, uint256 wad) public returns (bool) {
    require(balanceOf[src] >= wad, InsufficientBalance());

    if (src != msg.sender && allowance[src][msg.sender] != type(uint256).max) {
      require(allowance[src][msg.sender] >= wad, InsufficientAllowance());
      allowance[src][msg.sender] -= wad;
    }

    balanceOf[src] -= wad;
    balanceOf[dst] += wad;

    emit Transfer(src, dst, wad);

    return true;
  }
}

/*
                    GNU GENERAL PUBLIC LICENSE
                       Version 3, 29 June 2007

 Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The GNU General Public License is a free, copyleft license for
software and other kinds of works.

  The licenses for most software and other practical works are designed
to take away your freedom to share and change the works.  By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.  We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors.  You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price.  Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.

  To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights.  Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received.  You must make sure that they, too, receive
or can get the source code.  And you must show them these terms so they
know their rights.

  Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.

  For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software.  For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.

  Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so.  This is fundamentally incompatible with the aim of
protecting users' freedom to change the software.  The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable.  Therefore, we
have designed this version of the GPL to prohibit the practice for those
products.  If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.

  Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary.  To prevent this, the GPL assures that
patents cannot be used to render the program non-free.

  The precise terms and conditions for copying, distribution and
modification follow.

                       TERMS AND CONDITIONS

  0. Definitions.

  "This License" refers to version 3 of the GNU General Public License.

  "Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.

  "The Program" refers to any copyrightable work licensed under this
License.  Each licensee is addressed as "you".  "Licensees" and
"recipients" may be individuals or organizations.

  To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy.  The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.

  A "covered work" means either the unmodified Program or a work based
on the Program.

  To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy.  Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.

  To "convey" a work means any kind of propagation that enables other
parties to make or receive copies.  Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.

  An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License.  If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.

  1. Source Code.

  The "source code" for a work means the preferred form of the work
for making modifications to it.  "Object code" means any non-source
form of a work.

  A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.

  The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form.  A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.

  The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities.  However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work.  For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.

  The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.

  The Corresponding Source for a work in source code form is that
same work.

  2. Basic Permissions.

  All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met.  This License explicitly affirms your unlimited
permission to run the unmodified Program.  The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work.  This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.

  You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force.  You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright.  Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.

  Conveying under any other circumstances is permitted solely under
the conditions stated below.  Sublicensing is not allowed; section 10
makes it unnecessary.

  3. Protecting Users' Legal Rights From Anti-Circumvention Law.

  No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.

  When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.

  4. Conveying Verbatim Copies.

  You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.

  You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.

  5. Conveying Modified Source Versions.

  You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:

    a) The work must carry prominent notices stating that you modified
    it, and giving a relevant date.

    b) The work must carry prominent notices stating that it is
    released under this License and any conditions added under section
    7.  This requirement modifies the requirement in section 4 to
    "keep intact all notices".

    c) You must license the entire work, as a whole, under this
    License to anyone who comes into possession of a copy.  This
    License will therefore apply, along with any applicable section 7
    additional terms, to the whole of the work, and all its parts,
    regardless of how they are packaged.  This License gives no
    permission to license the work in any other way, but it does not
    invalidate such permission if you have separately received it.

    d) If the work has interactive user interfaces, each must display
    Appropriate Legal Notices; however, if the Program has interactive
    interfaces that do not display Appropriate Legal Notices, your
    work need not make them do so.

  A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit.  Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.

  6. Conveying Non-Source Forms.

  You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:

    a) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by the
    Corresponding Source fixed on a durable physical medium
    customarily used for software interchange.

    b) Convey the object code in, or embodied in, a physical product
    (including a physical distribution medium), accompanied by a
    written offer, valid for at least three years and valid for as
    long as you offer spare parts or customer support for that product
    model, to give anyone who possesses the object code either (1) a
    copy of the Corresponding Source for all the software in the
    product that is covered by this License, on a durable physical
    medium customarily used for software interchange, for a price no
    more than your reasonable cost of physically performing this
    conveying of source, or (2) access to copy the
    Corresponding Source from a network server at no charge.

    c) Convey individual copies of the object code with a copy of the
    written offer to provide the Corresponding Source.  This
    alternative is allowed only occasionally and noncommercially, and
    only if you received the object code with such an offer, in accord
    with subsection 6b.

    d) Convey the object code by offering access from a designated
    place (gratis or for a charge), and offer equivalent access to the
    Corresponding Source in the same way through the same place at no
    further charge.  You need not require recipients to copy the
    Corresponding Source along with the object code.  If the place to
    copy the object code is a network server, the Corresponding Source
    may be on a different server (operated by you or a third party)
    that supports equivalent copying facilities, provided you maintain
    clear directions next to the object code saying where to find the
    Corresponding Source.  Regardless of what server hosts the
    Corresponding Source, you remain obligated to ensure that it is
    available for as long as needed to satisfy these requirements.

    e) Convey the object code using peer-to-peer transmission, provided
    you inform other peers where the object code and Corresponding
    Source of the work are being offered to the general public at no
    charge under subsection 6d.

  A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.

  A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling.  In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage.  For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product.  A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.

  "Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source.  The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.

  If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information.  But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).

  The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed.  Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.

  Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.

  7. Additional Terms.

  "Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law.  If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.

  When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it.  (Additional permissions may be written to require their own
removal in certain cases when you modify the work.)  You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.

  Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:

    a) Disclaiming warranty or limiting liability differently from the
    terms of sections 15 and 16 of this License; or

    b) Requiring preservation of specified reasonable legal notices or
    author attributions in that material or in the Appropriate Legal
    Notices displayed by works containing it; or

    c) Prohibiting misrepresentation of the origin of that material, or
    requiring that modified versions of such material be marked in
    reasonable ways as different from the original version; or

    d) Limiting the use for publicity purposes of names of licensors or
    authors of the material; or

    e) Declining to grant rights under trademark law for use of some
    trade names, trademarks, or service marks; or

    f) Requiring indemnification of licensors and authors of that
    material by anyone who conveys the material (or modified versions of
    it) with contractual assumptions of liability to the recipient, for
    any liability that these contractual assumptions directly impose on
    those licensors and authors.

  All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10.  If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term.  If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.

  If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.

  Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.

  8. Termination.

  You may not propagate or modify a covered work except as expressly
provided under this License.  Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).

  However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.

  Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.

  Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License.  If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.

  9. Acceptance Not Required for Having Copies.

  You are not required to accept this License in order to receive or
run a copy of the Program.  Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance.  However,
nothing other than this License grants you permission to propagate or
modify any covered work.  These actions infringe copyright if you do
not accept this License.  Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.

  10. Automatic Licensing of Downstream Recipients.

  Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License.  You are not responsible
for enforcing compliance by third parties with this License.

  An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations.  If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.

  You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License.  For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.

  11. Patents.

  A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based.  The
work thus licensed is called the contributor's "contributor version".

  A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version.  For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.

  Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.

  In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement).  To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.

  If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients.  "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.

  If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.

  A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License.  You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.

  Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.

  12. No Surrender of Others' Freedom.

  If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License.  If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all.  For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.

  13. Use with the GNU Affero General Public License.

  Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work.  The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.

  14. Revised Versions of this License.

  The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time.  Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

  Each version is given a distinguishing version number.  If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation.  If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.

  If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.

  Later license versions may give you additional or different
permissions.  However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.

  15. Disclaimer of Warranty.

  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

  16. Limitation of Liability.

  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.

  17. Interpretation of Sections 15 and 16.

  If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.

                     END OF TERMS AND CONDITIONS

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

Also add information on how to contact you by electronic and paper mail.

  If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:

    <program>  Copyright (C) <year>  <name of author>
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License.  Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".

  You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.

  The GNU General Public License does not permit incorporating your program
into proprietary programs.  If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library.  If this is what you want to do, use the GNU Lesser General
Public License instead of this License.  But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

*/

72% src/hub/AssetInterestRateStrategy.sol

Lines covered: 39 / 54 (72%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {IAssetInterestRateStrategy, IBasicInterestRateStrategy} from 'src/hub/interfaces/IAssetInterestRateStrategy.sol';

/// @title AssetInterestRateStrategy
/// @author Aave Labs
/// @notice Manages the kink-based interest rate strategy for an asset.
/// @dev Strategies are Hub-specific, due to the usage of asset identifier as index of the `_interestRateData` mapping.
contract AssetInterestRateStrategy is IAssetInterestRateStrategy {
  using WadRayMath for *;

  /// @inheritdoc IAssetInterestRateStrategy
  uint256 public constant MAX_BORROW_RATE = 1000_00;

  /// @inheritdoc IAssetInterestRateStrategy
  uint256 public constant MIN_OPTIMAL_RATIO = 1_00;

  /// @inheritdoc IAssetInterestRateStrategy
  uint256 public constant MAX_OPTIMAL_RATIO = 99_00;

  /// @inheritdoc IAssetInterestRateStrategy
  address public immutable HUB;

  /// @dev Map of asset identifiers to their interest rate data.
  mapping(uint256 assetId => InterestRateData) internal _interestRateData;

  /// @dev Constructor.
  /// @param hub_ The address of the associated Hub.
  constructor(address hub_) {
    require(hub_ != address(0), InvalidAddress());
    HUB = hub_;
  }

  /// @notice Sets the interest rate parameters for a specified asset.
  /// @param assetId The identifier of the asset.
  /// @param data The encoded parameters containing BPS data used to configure the interest rate of the asset.
  function setInterestRateData(uint256 assetId, bytes calldata data) external {
    require(HUB == msg.sender, OnlyHub());
    InterestRateData memory rateData = abi.decode(data, (InterestRateData));
    require(
      MIN_OPTIMAL_RATIO <= rateData.optimalUsageRatio &&
        rateData.optimalUsageRatio <= MAX_OPTIMAL_RATIO,
      InvalidOptimalUsageRatio()
    );
    require(rateData.variableRateSlope1 <= rateData.variableRateSlope2, Slope2MustBeGteSlope1());
    require(
      rateData.baseVariableBorrowRate + rateData.variableRateSlope1 + rateData.variableRateSlope2 <=
        MAX_BORROW_RATE,
      InvalidMaxRate()
    );

    _interestRateData[assetId] = rateData;

    emit UpdateRateData(
      HUB,
      assetId,
      rateData.optimalUsageRatio,
      rateData.baseVariableBorrowRate,
      rateData.variableRateSlope1,
      rateData.variableRateSlope2
    );
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getInterestRateData(uint256 assetId) external view returns (InterestRateData memory) {
    return _interestRateData[assetId];
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getOptimalUsageRatio(uint256 assetId) external view returns (uint256) {
    return _interestRateData[assetId].optimalUsageRatio;
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getBaseVariableBorrowRate(uint256 assetId) external view returns (uint256) {
    return _interestRateData[assetId].baseVariableBorrowRate;
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getVariableRateSlope1(uint256 assetId) external view returns (uint256) {
    return _interestRateData[assetId].variableRateSlope1;
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getVariableRateSlope2(uint256 assetId) external view returns (uint256) {
    return _interestRateData[assetId].variableRateSlope2;
  }

  /// @inheritdoc IAssetInterestRateStrategy
  function getMaxVariableBorrowRate(uint256 assetId) external view returns (uint256) {
    return
      _interestRateData[assetId].baseVariableBorrowRate +
      _interestRateData[assetId].variableRateSlope1 +
      _interestRateData[assetId].variableRateSlope2;
  }

  /// @inheritdoc IBasicInterestRateStrategy
  function calculateInterestRate(
    uint256 assetId,
    uint256 liquidity,
    uint256 drawn,
    uint256 /* deficit */,
    uint256 swept
  ) external view returns (uint256) {
    InterestRateData memory rateData = _interestRateData[assetId];
    require(rateData.optimalUsageRatio > 0, InterestRateDataNotSet(assetId));

    uint256 currentVariableBorrowRateRay = rateData.baseVariableBorrowRate.bpsToRay();
    if (drawn == 0) {
      return currentVariableBorrowRateRay;
    }

    uint256 usageRatioRay = drawn.rayDivUp(liquidity + drawn + swept);
    uint256 optimalUsageRatioRay = rateData.optimalUsageRatio.bpsToRay();

    if (usageRatioRay <= optimalUsageRatioRay) {
      currentVariableBorrowRateRay += rateData
        .variableRateSlope1
        .bpsToRay()
        .rayMulUp(usageRatioRay)
        .rayDivUp(optimalUsageRatioRay);
    } else {
      currentVariableBorrowRateRay +=
        rateData.variableRateSlope1.bpsToRay() +
        rateData
          .variableRateSlope2
          .bpsToRay()
          .rayMulUp(usageRatioRay - optimalUsageRatioRay)
          .rayDivUp(WadRayMath.RAY - optimalUsageRatioRay);
    }

    return currentVariableBorrowRateRay;
  }
}

60% src/hub/Hub.sol

Lines covered: 288 / 478 (60%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {EnumerableSet} from 'src/dependencies/openzeppelin/EnumerableSet.sol';
import {AccessManaged} from 'src/dependencies/openzeppelin/AccessManaged.sol';
import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {AssetLogic} from 'src/hub/libraries/AssetLogic.sol';
import {SharesMath} from 'src/hub/libraries/SharesMath.sol';
import {Premium} from 'src/hub/libraries/Premium.sol';
import {IBasicInterestRateStrategy} from 'src/hub/interfaces/IBasicInterestRateStrategy.sol';
import {IHubBase, IHub} from 'src/hub/interfaces/IHub.sol';

/// @title Hub
/// @author Aave Labs
/// @notice A liquidity hub that manages assets and spokes.
contract Hub is IHub, AccessManaged {
  using EnumerableSet for EnumerableSet.AddressSet;
  using SafeCast for *;
  using SafeERC20 for IERC20;
  using MathUtils for *;
  using PercentageMath for *;
  using WadRayMath for uint256;
  using AssetLogic for Asset;
  using SharesMath for uint256;

  /// @inheritdoc IHub
  uint8 public constant MAX_ALLOWED_UNDERLYING_DECIMALS = 18;

  /// @inheritdoc IHub
  uint8 public constant MIN_ALLOWED_UNDERLYING_DECIMALS = 6;

  /// @inheritdoc IHub
  uint40 public constant MAX_ALLOWED_SPOKE_CAP = type(uint40).max;

  /// @inheritdoc IHub
  uint24 public constant MAX_RISK_PREMIUM_THRESHOLD = type(uint24).max;

  /// @dev Number of assets listed in the Hub.
  uint256 internal _assetCount;

  /// @dev Map of asset identifiers to Asset data.
  mapping(uint256 assetId => Asset) internal _assets;

  /// @dev Map of asset identifiers and spoke addresses to Spoke data.
  mapping(uint256 assetId => mapping(address spoke => SpokeData)) internal _spokes;

  /// @dev Map of asset identifiers to set of spoke addresses.
  mapping(uint256 assetId => EnumerableSet.AddressSet) internal _assetToSpokes;

  /// @dev Set of underlying addresses listed as assets in the Hub.
  EnumerableSet.AddressSet internal _underlyingAssets;

  /// @dev Constructor.
  /// @dev The authority contract must implement the `AccessManaged` interface for access control.
  /// @param authority_ The address of the authority contract which manages permissions.
  constructor(address authority_) AccessManaged(authority_) {
    require(authority_ != address(0), InvalidAddress());
  }

  /// @inheritdoc IHub
  function addAsset(
    address underlying,
    uint8 decimals,
    address feeReceiver,
    address irStrategy,
    bytes calldata irData
  ) external restricted returns (uint256) {
    require(
      underlying != address(0) && feeReceiver != address(0) && irStrategy != address(0),
      InvalidAddress()
    );
    require(
      MIN_ALLOWED_UNDERLYING_DECIMALS <= decimals && decimals <= MAX_ALLOWED_UNDERLYING_DECIMALS,
      InvalidAssetDecimals()
    );
    require(!_underlyingAssets.contains(underlying), UnderlyingAlreadyListed());

    uint256 assetId = _assetCount++;
    IBasicInterestRateStrategy(irStrategy).setInterestRateData(assetId, irData);
    uint256 drawnRate = IBasicInterestRateStrategy(irStrategy).calculateInterestRate({
      assetId: assetId,
      liquidity: 0,
      drawn: 0,
      deficit: 0,
      swept: 0
    });

    uint256 drawnIndex = WadRayMath.RAY;
    uint256 lastUpdateTimestamp = block.timestamp;
    _assets[assetId] = Asset({
      liquidity: 0,
      deficitRay: 0,
      swept: 0,
      addedShares: 0,
      drawnShares: 0,
      premiumShares: 0,
      premiumOffsetRay: 0,
      drawnIndex: drawnIndex.toUint120(),
      underlying: underlying,
      lastUpdateTimestamp: lastUpdateTimestamp.toUint40(),
      decimals: decimals,
      drawnRate: drawnRate.toUint96(),
      irStrategy: irStrategy,
      realizedFees: 0,
      reinvestmentController: address(0),
      feeReceiver: feeReceiver,
      liquidityFee: 0
    });
    _underlyingAssets.add(underlying);
    _addFeeReceiver(assetId, feeReceiver);

    emit AddAsset(assetId, underlying, decimals);
    emit UpdateAssetConfig(
      assetId,
      AssetConfig({
        feeReceiver: feeReceiver,
        liquidityFee: 0,
        irStrategy: irStrategy,
        reinvestmentController: address(0)
      })
    );
    emit UpdateAsset(assetId, drawnIndex, drawnRate, 0);

    return assetId;
  }

  /// @inheritdoc IHub
  function updateAssetConfig(
    uint256 assetId,
    AssetConfig calldata config,
    bytes calldata irData
  ) external restricted {
    require(assetId < _assetCount, AssetNotListed());
    Asset storage asset = _assets[assetId];
    asset.accrue();

    require(config.liquidityFee <= PercentageMath.PERCENTAGE_FACTOR, InvalidLiquidityFee());
    require(config.feeReceiver != address(0) && config.irStrategy != address(0), InvalidAddress());
    require(
      config.reinvestmentController != address(0) || asset.swept == 0,
      InvalidReinvestmentController()
    );

    if (config.irStrategy != asset.irStrategy) {
      asset.irStrategy = config.irStrategy;
      IBasicInterestRateStrategy(config.irStrategy).setInterestRateData(assetId, irData);
    } else {
      require(irData.length == 0, InvalidInterestRateStrategy());
    }

    address oldFeeReceiver = asset.feeReceiver;
    if (oldFeeReceiver != config.feeReceiver) {
      _mintFeeShares(asset, assetId);
      IHub.SpokeConfig memory spokeConfig;
      spokeConfig.active = _spokes[assetId][oldFeeReceiver].active;
      spokeConfig.paused = _spokes[assetId][oldFeeReceiver].paused;
      _updateSpokeConfig(assetId, oldFeeReceiver, spokeConfig);
      asset.feeReceiver = config.feeReceiver;
      _addFeeReceiver(assetId, config.feeReceiver);
    }

    asset.liquidityFee = config.liquidityFee;
    asset.reinvestmentController = config.reinvestmentController;

    asset.updateDrawnRate(assetId);

    emit UpdateAssetConfig(assetId, config);
  }

  /// @inheritdoc IHub
  function addSpoke(
    uint256 assetId,
    address spoke,
    SpokeConfig calldata config
  ) external restricted {
    require(assetId < _assetCount, AssetNotListed());
    require(spoke != address(0), InvalidAddress());
    _addSpoke(assetId, spoke);
    _updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHub
  function updateSpokeConfig(
    uint256 assetId,
    address spoke,
    SpokeConfig calldata config
  ) external restricted {
    require(assetId < _assetCount, AssetNotListed());
    require(_assetToSpokes[assetId].contains(spoke), SpokeNotListed());
    _updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHub
  function setInterestRateData(uint256 assetId, bytes calldata irData) external restricted {
    require(assetId < _assetCount, AssetNotListed());
    Asset storage asset = _assets[assetId];
    asset.accrue();
    IBasicInterestRateStrategy(asset.irStrategy).setInterestRateData(assetId, irData);
    asset.updateDrawnRate(assetId);
  }

  /// @inheritdoc IHub
  function mintFeeShares(uint256 assetId) external restricted returns (uint256) {
    Asset storage asset = _assets[assetId];
    asset.accrue();
    uint256 feeShares = _mintFeeShares(asset, assetId);
    asset.updateDrawnRate(assetId);
    return feeShares;
  }

  /// @inheritdoc IHubBase
  function add(uint256 assetId, uint256 amount) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    _validateAdd(asset, spoke, amount);

    uint256 liquidity = asset.liquidity + amount;
    uint256 balance = IERC20(asset.underlying).balanceOf(address(this));
    require(balance >= liquidity, InsufficientTransferred(liquidity.uncheckedSub(balance)));
    uint120 shares = asset.toAddedSharesDown(amount).toUint120();
    require(shares > 0, InvalidShares());
    asset.addedShares += shares;
    spoke.addedShares += shares;
    asset.liquidity = liquidity.toUint120();

    asset.updateDrawnRate(assetId);

    emit Add(assetId, msg.sender, shares, amount);

    return shares;
  }

  /// @inheritdoc IHubBase
  function remove(uint256 assetId, uint256 amount, address to) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    _validateRemove(spoke, amount, to);

    uint256 liquidity = asset.liquidity;
    require(amount <= liquidity, InsufficientLiquidity(liquidity));

    uint120 shares = asset.toAddedSharesUp(amount).toUint120();
    asset.addedShares -= shares;
    spoke.addedShares -= shares;
    asset.liquidity = liquidity.uncheckedSub(amount).toUint120();

    asset.updateDrawnRate(assetId);

    IERC20(asset.underlying).safeTransfer(to, amount);

    emit Remove(assetId, msg.sender, shares, amount);

    return shares;
  }

  /// @inheritdoc IHubBase
  function draw(uint256 assetId, uint256 amount, address to) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    _validateDraw(asset, spoke, amount, to);

    uint256 liquidity = asset.liquidity;
    require(amount <= liquidity, InsufficientLiquidity(liquidity));

    uint120 drawnShares = asset.toDrawnSharesUp(amount).toUint120();
    asset.drawnShares += drawnShares;
    spoke.drawnShares += drawnShares;
    asset.liquidity = liquidity.uncheckedSub(amount).toUint120();

    asset.updateDrawnRate(assetId);

    IERC20(asset.underlying).safeTransfer(to, amount);

    emit Draw(assetId, msg.sender, drawnShares, amount);

    return drawnShares;
  }

  /// @inheritdoc IHubBase
  function restore(
    uint256 assetId,
    uint256 drawnAmount,
    PremiumDelta calldata premiumDelta
  ) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    _validateRestore(asset, spoke, drawnAmount, premiumDelta.restoredPremiumRay);

    uint120 drawnShares = asset.toDrawnSharesDown(drawnAmount).toUint120();
    asset.drawnShares -= drawnShares;
    spoke.drawnShares -= drawnShares;
    _applyPremiumDelta(asset, spoke, premiumDelta);

    uint256 premiumAmount = premiumDelta.restoredPremiumRay.fromRayUp();
    uint256 liquidity = asset.liquidity + drawnAmount + premiumAmount;
    uint256 balance = IERC20(asset.underlying).balanceOf(address(this));
    require(balance >= liquidity, InsufficientTransferred(liquidity.uncheckedSub(balance)));
    asset.liquidity = liquidity.toUint120();

    asset.updateDrawnRate(assetId);

    emit Restore(assetId, msg.sender, drawnShares, premiumDelta, drawnAmount, premiumAmount);

    return drawnShares;
  }

  /// @inheritdoc IHubBase
  function reportDeficit(
    uint256 assetId,
    uint256 drawnAmount,
    PremiumDelta calldata premiumDelta
  ) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    _validateReportDeficit(asset, spoke, drawnAmount, premiumDelta.restoredPremiumRay);

    uint120 drawnShares = asset.toDrawnSharesDown(drawnAmount).toUint120();
    asset.drawnShares -= drawnShares;
    spoke.drawnShares -= drawnShares;
    _applyPremiumDelta(asset, spoke, premiumDelta);

    uint256 deficitAmountRay = uint256(drawnShares) *
      asset.drawnIndex +
      premiumDelta.restoredPremiumRay;
    asset.deficitRay += deficitAmountRay.toUint200();
    spoke.deficitRay += deficitAmountRay.toUint200();

    asset.updateDrawnRate(assetId);

    emit ReportDeficit(assetId, msg.sender, drawnShares, premiumDelta, deficitAmountRay);

    return drawnShares;
  }

  /// @inheritdoc IHub
  function eliminateDeficit(
    uint256 assetId,
    uint256 amount,
    address spoke
  ) external returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage callerSpoke = _spokes[assetId][msg.sender];
    SpokeData storage coveredSpoke = _spokes[assetId][spoke];

    asset.accrue();
    _validateEliminateDeficit(callerSpoke, amount);

    uint256 deficitRay = coveredSpoke.deficitRay;
    uint256 deficitAmountRay = (amount < deficitRay.fromRayUp()) ? amount.toRay() : deficitRay;

    uint120 shares = asset.toAddedSharesUp(deficitAmountRay.fromRayUp()).toUint120();
    asset.addedShares -= shares;
    callerSpoke.addedShares -= shares;
    asset.deficitRay = asset.deficitRay.uncheckedSub(deficitAmountRay).toUint200();
    coveredSpoke.deficitRay = deficitRay.uncheckedSub(deficitAmountRay).toUint200();

    asset.updateDrawnRate(assetId);

    emit EliminateDeficit(assetId, msg.sender, spoke, shares, deficitAmountRay);

    return shares;
  }

  /// @inheritdoc IHubBase
  function refreshPremium(uint256 assetId, PremiumDelta calldata premiumDelta) external {
    Asset storage asset = _assets[assetId];
    SpokeData storage spoke = _spokes[assetId][msg.sender];

    asset.accrue();
    require(spoke.active, SpokeNotActive());
    // no premium change allowed
    require(premiumDelta.restoredPremiumRay == 0, InvalidPremiumChange());
    _applyPremiumDelta(asset, spoke, premiumDelta);
    asset.updateDrawnRate(assetId);

    emit RefreshPremium(assetId, msg.sender, premiumDelta);
  }

  /// @inheritdoc IHubBase
  function payFeeShares(uint256 assetId, uint256 shares) external {
    Asset storage asset = _assets[assetId];
    address feeReceiver = _assets[assetId].feeReceiver;
    SpokeData storage receiver = _spokes[assetId][feeReceiver];
    SpokeData storage sender = _spokes[assetId][msg.sender];

    asset.accrue();
    _validatePayFeeShares(sender, shares);
    _transferShares(sender, receiver, shares);
    asset.updateDrawnRate(assetId);

    emit TransferShares(assetId, msg.sender, feeReceiver, shares);
  }

  /// @inheritdoc IHub
  function transferShares(uint256 assetId, uint256 shares, address toSpoke) external {
    Asset storage asset = _assets[assetId];
    SpokeData storage sender = _spokes[assetId][msg.sender];
    SpokeData storage receiver = _spokes[assetId][toSpoke];

    asset.accrue();
    _validateTransferShares(asset, sender, receiver, shares);
    _transferShares(sender, receiver, shares);
    asset.updateDrawnRate(assetId);

    emit TransferShares(assetId, msg.sender, toSpoke, shares);
  }

  /// @inheritdoc IHub
  function sweep(uint256 assetId, uint256 amount) external {
    require(assetId < _assetCount, AssetNotListed());
    Asset storage asset = _assets[assetId];

    asset.accrue();
    _validateSweep(asset, msg.sender, amount);

    uint256 liquidity = asset.liquidity;
    require(amount <= liquidity, InsufficientLiquidity(liquidity));

    asset.liquidity = liquidity.uncheckedSub(amount).toUint120();
    asset.swept += amount.toUint120();
    asset.updateDrawnRate(assetId);

    IERC20(asset.underlying).safeTransfer(msg.sender, amount);

    emit Sweep(assetId, msg.sender, amount);
  }

  /// @inheritdoc IHub
  function reclaim(uint256 assetId, uint256 amount) external {
    require(assetId < _assetCount, AssetNotListed());
    Asset storage asset = _assets[assetId];

    asset.accrue();
    _validateReclaim(asset, msg.sender, amount);

    asset.liquidity += amount.toUint120();
    asset.swept -= amount.toUint120();
    asset.updateDrawnRate(assetId);

    IERC20(asset.underlying).safeTransferFrom(msg.sender, address(this), amount);

    emit Reclaim(assetId, msg.sender, amount);
  }

  /// @inheritdoc IHub
  function isUnderlyingListed(address underlying) external view returns (bool) {
    return _underlyingAssets.contains(underlying);
  }

  /// @inheritdoc IHub
  function getAssetCount() external view returns (uint256) {
    return _assetCount;
  }

  /// @inheritdoc IHubBase
  function previewAddByAssets(uint256 assetId, uint256 assets) external view returns (uint256) {
    return _assets[assetId].toAddedSharesDown(assets);
  }

  /// @inheritdoc IHubBase
  function previewAddByShares(uint256 assetId, uint256 shares) external view returns (uint256) {
    return _assets[assetId].toAddedAssetsUp(shares);
  }

  /// @inheritdoc IHubBase
  function previewRemoveByAssets(uint256 assetId, uint256 assets) external view returns (uint256) {
    return _assets[assetId].toAddedSharesUp(assets);
  }

  /// @inheritdoc IHubBase
  function previewRemoveByShares(uint256 assetId, uint256 shares) external view returns (uint256) {
    return _assets[assetId].toAddedAssetsDown(shares);
  }

  /// @inheritdoc IHubBase
  function previewDrawByAssets(uint256 assetId, uint256 assets) external view returns (uint256) {
    return _assets[assetId].toDrawnSharesUp(assets);
  }

  /// @inheritdoc IHubBase
  function previewDrawByShares(uint256 assetId, uint256 shares) external view returns (uint256) {
    return _assets[assetId].toDrawnAssetsDown(shares);
  }

  /// @inheritdoc IHubBase
  function previewRestoreByAssets(uint256 assetId, uint256 assets) external view returns (uint256) {
    return _assets[assetId].toDrawnSharesDown(assets);
  }

  /// @inheritdoc IHubBase
  function previewRestoreByShares(uint256 assetId, uint256 shares) external view returns (uint256) {
    return _assets[assetId].toDrawnAssetsUp(shares);
  }

  /// @inheritdoc IHubBase
  function getAssetUnderlyingAndDecimals(uint256 assetId) external view returns (address, uint8) {
    Asset storage asset = _assets[assetId];
    return (asset.underlying, asset.decimals);
  }

  /// @inheritdoc IHubBase
  function getAssetDrawnIndex(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].getDrawnIndex();
  }

  /// @inheritdoc IHubBase
  function getAddedAssets(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].totalAddedAssets();
  }

  /// @inheritdoc IHubBase
  function getAddedShares(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].addedShares;
  }

  /// @inheritdoc IHubBase
  function getAssetOwed(uint256 assetId) external view returns (uint256, uint256) {
    Asset storage asset = _assets[assetId];
    uint256 drawnIndex = asset.getDrawnIndex();
    return (asset.drawn(drawnIndex), asset.premium(drawnIndex));
  }

  /// @inheritdoc IHubBase
  function getAssetTotalOwed(uint256 assetId) external view returns (uint256) {
    Asset storage asset = _assets[assetId];
    return asset.totalOwed(asset.getDrawnIndex());
  }

  /// @inheritdoc IHubBase
  function getAssetPremiumRay(uint256 assetId) external view returns (uint256) {
    Asset storage asset = _assets[assetId];
    return
      Premium.calculatePremiumRay({
        premiumShares: asset.premiumShares,
        premiumOffsetRay: asset.premiumOffsetRay,
        drawnIndex: asset.getDrawnIndex()
      });
  }

  /// @inheritdoc IHubBase
  function getAssetDrawnShares(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].drawnShares;
  }

  /// @inheritdoc IHubBase
  function getAssetPremiumData(uint256 assetId) external view returns (uint256, int256) {
    Asset storage asset = _assets[assetId];
    return (asset.premiumShares, asset.premiumOffsetRay);
  }

  /// @inheritdoc IHubBase
  function getAssetLiquidity(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].liquidity;
  }

  /// @inheritdoc IHubBase
  function getAssetDeficitRay(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].deficitRay;
  }

  /// @inheritdoc IHub
  function getAsset(uint256 assetId) external view returns (Asset memory) {
    return _assets[assetId];
  }

  /// @inheritdoc IHub
  function getAssetConfig(uint256 assetId) external view returns (AssetConfig memory) {
    Asset storage asset = _assets[assetId];
    return
      AssetConfig({
        feeReceiver: asset.feeReceiver,
        liquidityFee: asset.liquidityFee,
        irStrategy: asset.irStrategy,
        reinvestmentController: asset.reinvestmentController
      });
  }

  /// @inheritdoc IHub
  function getAssetAccruedFees(uint256 assetId) external view returns (uint256) {
    Asset storage asset = _assets[assetId];
    return asset.realizedFees + asset.getUnrealizedFees(asset.getDrawnIndex());
  }

  /// @inheritdoc IHub
  function getAssetSwept(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].swept;
  }

  /// @inheritdoc IHub
  function getAssetDrawnRate(uint256 assetId) external view returns (uint256) {
    return _assets[assetId].drawnRate;
  }

  /// @inheritdoc IHub
  function getSpokeCount(uint256 assetId) external view returns (uint256) {
    return _assetToSpokes[assetId].length();
  }

  /// @inheritdoc IHubBase
  function getSpokeAddedAssets(uint256 assetId, address spoke) external view returns (uint256) {
    return _assets[assetId].toAddedAssetsDown(_spokes[assetId][spoke].addedShares);
  }

  /// @inheritdoc IHubBase
  function getSpokeAddedShares(uint256 assetId, address spoke) external view returns (uint256) {
    return _spokes[assetId][spoke].addedShares;
  }

  /// @inheritdoc IHubBase
  function getSpokeOwed(uint256 assetId, address spoke) external view returns (uint256, uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spokeData = _spokes[assetId][spoke];
    return (_getSpokeDrawn(asset, spokeData), _getSpokePremium(asset, spokeData));
  }

  /// @inheritdoc IHubBase
  function getSpokeTotalOwed(uint256 assetId, address spoke) external view returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spokeData = _spokes[assetId][spoke];
    return _getSpokeDrawn(asset, spokeData) + _getSpokePremium(asset, spokeData);
  }

  /// @inheritdoc IHubBase
  function getSpokePremiumRay(uint256 assetId, address spoke) external view returns (uint256) {
    Asset storage asset = _assets[assetId];
    SpokeData storage spokeData = _spokes[assetId][spoke];
    return _getSpokePremiumRay(asset, spokeData);
  }

  /// @inheritdoc IHubBase
  function getSpokeDrawnShares(uint256 assetId, address spoke) external view returns (uint256) {
    return _spokes[assetId][spoke].drawnShares;
  }

  /// @inheritdoc IHubBase
  function getSpokePremiumData(
    uint256 assetId,
    address spoke
  ) external view returns (uint256, int256) {
    SpokeData storage spokeData = _spokes[assetId][spoke];
    return (spokeData.premiumShares, spokeData.premiumOffsetRay);
  }

  /// @inheritdoc IHubBase
  function getSpokeDeficitRay(uint256 assetId, address spoke) external view returns (uint256) {
    return _spokes[assetId][spoke].deficitRay;
  }

  /// @inheritdoc IHub
  function isSpokeListed(uint256 assetId, address spoke) external view returns (bool) {
    return _assetToSpokes[assetId].contains(spoke);
  }

  /// @inheritdoc IHub
  function getSpokeAddress(uint256 assetId, uint256 index) external view returns (address) {
    return _assetToSpokes[assetId].at(index);
  }

  /// @inheritdoc IHub
  function getSpoke(uint256 assetId, address spoke) external view returns (SpokeData memory) {
    return _spokes[assetId][spoke];
  }

  /// @inheritdoc IHub
  function getSpokeConfig(
    uint256 assetId,
    address spoke
  ) external view returns (SpokeConfig memory) {
    SpokeData storage spokeData = _spokes[assetId][spoke];
    return
      SpokeConfig({
        addCap: spokeData.addCap,
        drawCap: spokeData.drawCap,
        riskPremiumThreshold: spokeData.riskPremiumThreshold,
        active: spokeData.active,
        paused: spokeData.paused
      });
  }

  /// @notice Adds a new spoke to an asset with default feeReceiver configuration (maximum add cap, zero draw cap).
  function _addFeeReceiver(uint256 assetId, address feeReceiver) internal {
    _addSpoke(assetId, feeReceiver);
    _updateSpokeConfig(
      assetId,
      feeReceiver,
      SpokeConfig({
        addCap: MAX_ALLOWED_SPOKE_CAP,
        drawCap: 0,
        riskPremiumThreshold: 0,
        active: true,
        paused: false
      })
    );
  }

  /// @notice Adds a spoke to an asset.
  /// @dev Reverts with `SpokeAlreadyListed` if spoke is already listed for the given asset.
  function _addSpoke(uint256 assetId, address spoke) internal {
    require(_assetToSpokes[assetId].add(spoke), SpokeAlreadyListed());
    emit AddSpoke(assetId, spoke);
  }

  function _updateSpokeConfig(uint256 assetId, address spoke, SpokeConfig memory config) internal {
    SpokeData storage spokeData = _spokes[assetId][spoke];
    spokeData.addCap = config.addCap;
    spokeData.drawCap = config.drawCap;
    spokeData.riskPremiumThreshold = config.riskPremiumThreshold;
    spokeData.active = config.active;
    spokeData.paused = config.paused;
    emit UpdateSpokeConfig(assetId, spoke, config);
  }

  /// @dev Receiver `addCap` is validated in `_validateTransferShares`.
  function _transferShares(
    SpokeData storage sender,
    SpokeData storage receiver,
    uint256 shares
  ) internal {
    sender.addedShares -= shares.toUint120();
    receiver.addedShares += shares.toUint120();
  }

  /// @dev Applies premium deltas on asset & spoke premium owed.
  /// @dev Checks premium owed decreases by exactly `restoredPremiumRay`.
  /// @dev Checks updated risk premium is within allowed threshold.
  /// @dev Uses last stored index; asset accrual should have already occurred.
  function _applyPremiumDelta(
    Asset storage asset,
    SpokeData storage spoke,
    PremiumDelta calldata premiumDelta
  ) internal {
    uint256 drawnIndex = asset.drawnIndex;

    // asset premium change
    (asset.premiumShares, asset.premiumOffsetRay) = _validateApplyPremiumDelta(
      drawnIndex,
      asset.premiumShares,
      asset.premiumOffsetRay,
      premiumDelta
    );

    // spoke premium change
    (spoke.premiumShares, spoke.premiumOffsetRay) = _validateApplyPremiumDelta(
      drawnIndex,
      spoke.premiumShares,
      spoke.premiumOffsetRay,
      premiumDelta
    );

    uint24 riskPremiumThreshold = spoke.riskPremiumThreshold;
    require(
      riskPremiumThreshold == MAX_RISK_PREMIUM_THRESHOLD ||
        spoke.premiumShares <= spoke.drawnShares.percentMulUp(riskPremiumThreshold),
      InvalidPremiumChange()
    );
  }

  function _mintFeeShares(Asset storage asset, uint256 assetId) internal returns (uint256) {
    uint256 fees = asset.realizedFees;
    uint120 shares = asset.toAddedSharesDown(fees).toUint120();
    if (shares == 0) {
      return 0;
    }

    address feeReceiver = asset.feeReceiver;
    SpokeData storage feeReceiverSpoke = _spokes[assetId][feeReceiver];
    require(feeReceiverSpoke.active, SpokeNotActive());

    asset.addedShares += shares;
    feeReceiverSpoke.addedShares += shares;
    asset.realizedFees = 0;
    emit MintFeeShares(assetId, feeReceiver, shares, fees);

    return shares;
  }

  /// @dev Returns the spoke's drawn amount for a specified asset.
  function _getSpokeDrawn(
    Asset storage asset,
    SpokeData storage spoke
  ) internal view returns (uint256) {
    return asset.toDrawnAssetsUp(spoke.drawnShares);
  }

  /// @dev Returns the spoke's premium amount for a specified asset.
  function _getSpokePremium(
    Asset storage asset,
    SpokeData storage spoke
  ) internal view returns (uint256) {
    return _getSpokePremiumRay(asset, spoke).fromRayUp();
  }

  /// @dev Returns the spoke's premium amount with full precision for a specified asset.
  function _getSpokePremiumRay(
    Asset storage asset,
    SpokeData storage spoke
  ) internal view returns (uint256) {
    return
      Premium.calculatePremiumRay({
        premiumShares: spoke.premiumShares,
        premiumOffsetRay: spoke.premiumOffsetRay,
        drawnIndex: asset.getDrawnIndex()
      });
  }

  /// @dev Spoke with maximum cap have unlimited add capacity.
  function _validateAdd(
    Asset storage asset,
    SpokeData storage spoke,
    uint256 amount
  ) internal view {
    require(amount > 0, InvalidAmount());
    require(spoke.active, SpokeNotActive());
    require(!spoke.paused, SpokePaused());
    uint256 addCap = spoke.addCap;
    require(
      addCap == MAX_ALLOWED_SPOKE_CAP ||
        addCap * MathUtils.uncheckedExp(10, asset.decimals) >=
        asset.toAddedAssetsUp(spoke.addedShares) + amount,
      AddCapExceeded(addCap)
    );
  }

  function _validateRemove(SpokeData storage spoke, uint256 amount, address to) internal view {
    require(to != address(this), InvalidAddress());
    require(amount > 0, InvalidAmount());
    require(spoke.active, SpokeNotActive());
    require(!spoke.paused, SpokePaused());
  }

  /// @dev Spoke with maximum cap have unlimited draw capacity.
  function _validateDraw(
    Asset storage asset,
    SpokeData storage spoke,
    uint256 amount,
    address to
  ) internal view {
    require(to != address(this), InvalidAddress());
    require(amount > 0, InvalidAmount());
    require(spoke.active, SpokeNotActive());
    require(!spoke.paused, SpokePaused());
    uint256 drawCap = spoke.drawCap;
    uint256 owed = _getSpokeDrawn(asset, spoke) + _getSpokePremium(asset, spoke);
    require(
      drawCap == MAX_ALLOWED_SPOKE_CAP ||
        drawCap * MathUtils.uncheckedExp(10, asset.decimals) >=
        owed + amount + uint256(spoke.deficitRay).fromRayUp(),
      DrawCapExceeded(drawCap)
    );
  }

  function _validateRestore(
    Asset storage asset,
    SpokeData storage spoke,
    uint256 drawnAmount,
    uint256 premiumAmountRay
  ) internal view {
    require(drawnAmount > 0 || premiumAmountRay > 0, InvalidAmount());
    require(spoke.active, SpokeNotActive());
    require(!spoke.paused, SpokePaused());
    uint256 drawn = _getSpokeDrawn(asset, spoke);
    uint256 premiumRay = _getSpokePremiumRay(asset, spoke);
    require(drawnAmount <= drawn, SurplusDrawnRestored(drawn));
    require(premiumAmountRay <= premiumRay, SurplusPremiumRayRestored(premiumRay));
  }

  function _validateReportDeficit(
    Asset storage asset,
    SpokeData storage spoke,
    uint256 drawnAmount,
    uint256 premiumAmountRay
  ) internal view {
    require(spoke.active, SpokeNotActive());
    require(!spoke.paused, SpokePaused());
    require(drawnAmount > 0 || premiumAmountRay > 0, InvalidAmount());
    uint256 drawn = _getSpokeDrawn(asset, spoke);
    uint256 premiumRay = _getSpokePremiumRay(asset, spoke);
    require(drawnAmount <= drawn, SurplusDrawnDeficitReported(drawn));
    require(premiumAmountRay <= premiumRay, SurplusPremiumRayDeficitReported(premiumRay));
  }

  function _validateEliminateDeficit(SpokeData storage spoke, uint256 amount) internal view {
    require(spoke.active, SpokeNotActive());
    require(amount > 0, InvalidAmount());
  }

  function _validatePayFeeShares(SpokeData storage senderSpoke, uint256 feeShares) internal view {
    require(senderSpoke.active, SpokeNotActive());
    require(!senderSpoke.paused, SpokePaused());
    require(feeShares > 0, InvalidShares());
  }

  function _validateTransferShares(
    Asset storage asset,
    SpokeData storage sender,
    SpokeData storage receiver,
    uint256 shares
  ) internal view {
    require(sender.active && receiver.active, SpokeNotActive());
    require(!sender.paused && !receiver.paused, SpokePaused());
    require(shares > 0, InvalidShares());
    uint256 addCap = receiver.addCap;
    require(
      addCap == MAX_ALLOWED_SPOKE_CAP ||
        addCap * MathUtils.uncheckedExp(10, asset.decimals) >=
        asset.toAddedAssetsUp(receiver.addedShares + shares),
      AddCapExceeded(addCap)
    );
  }

  function _validateSweep(Asset storage asset, address caller, uint256 amount) internal view {
    // sufficient check to disallow when controller unset
    require(caller == asset.reinvestmentController, OnlyReinvestmentController());
    require(amount > 0, InvalidAmount());
  }

  function _validateReclaim(Asset storage asset, address caller, uint256 amount) internal view {
    // sufficient check to disallow when controller unset
    require(caller == asset.reinvestmentController, OnlyReinvestmentController());
    require(amount > 0, InvalidAmount());
  }

  /// @dev Validates applied premium delta for given premium data and returns updated premium data.
  function _validateApplyPremiumDelta(
    uint256 drawnIndex,
    uint256 premiumShares,
    int256 premiumOffsetRay,
    PremiumDelta calldata premiumDelta
  ) internal pure returns (uint120, int200) {
    uint256 premiumRayBefore = Premium.calculatePremiumRay({
      premiumShares: premiumShares,
      premiumOffsetRay: premiumOffsetRay,
      drawnIndex: drawnIndex
    });

    uint256 newPremiumShares = premiumShares.add(premiumDelta.sharesDelta);
    int256 newPremiumOffsetRay = premiumOffsetRay + premiumDelta.offsetRayDelta;

    uint256 premiumRayAfter = Premium.calculatePremiumRay({
      premiumShares: newPremiumShares,
      premiumOffsetRay: newPremiumOffsetRay,
      drawnIndex: drawnIndex
    });

    require(
      premiumRayAfter + premiumDelta.restoredPremiumRay == premiumRayBefore,
      InvalidPremiumChange()
    );
    return (newPremiumShares.toUint120(), newPremiumOffsetRay.toInt200());
  }
}

0% src/hub/HubConfigurator.sol

Lines covered: 0 / 140 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {IERC20Metadata} from 'src/dependencies/openzeppelin/IERC20Metadata.sol';
import {Ownable2Step, Ownable} from 'src/dependencies/openzeppelin/Ownable2Step.sol';
import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {IHub} from 'src/hub/interfaces/IHub.sol';
import {IHubConfigurator} from 'src/hub/interfaces/IHubConfigurator.sol';

/// @title HubConfigurator
/// @author Aave Labs
/// @notice Handles administrative functions on the Hub.
/// @dev Must be granted permission by the Hub.
contract HubConfigurator is Ownable2Step, IHubConfigurator {
  using SafeCast for uint256;

  /// @dev Constructor.
  /// @param owner_ The address of the owner.
  constructor(address owner_) Ownable(owner_) {}

  /// @inheritdoc IHubConfigurator
  function addAsset(
    address hub,
    address underlying,
    address feeReceiver,
    uint256 liquidityFee,
    address irStrategy,
    bytes calldata irData
  ) external onlyOwner returns (uint256) {
    IHub targetHub = IHub(hub);
    uint256 assetId = targetHub.addAsset(
      underlying,
      IERC20Metadata(underlying).decimals(),
      feeReceiver,
      irStrategy,
      irData
    );
    _updateLiquidityFee(targetHub, assetId, liquidityFee);
    return assetId;
  }

  /// @inheritdoc IHubConfigurator
  function addAsset(
    address hub,
    address underlying,
    uint8 decimals,
    address feeReceiver,
    uint256 liquidityFee,
    address irStrategy,
    bytes calldata irData
  ) external onlyOwner returns (uint256) {
    IHub targetHub = IHub(hub);
    uint256 assetId = targetHub.addAsset(underlying, decimals, feeReceiver, irStrategy, irData);
    _updateLiquidityFee(targetHub, assetId, liquidityFee);
    return assetId;
  }

  /// @inheritdoc IHubConfigurator
  function updateLiquidityFee(
    address hub,
    uint256 assetId,
    uint256 liquidityFee
  ) external onlyOwner {
    _updateLiquidityFee(IHub(hub), assetId, liquidityFee);
  }

  /// @inheritdoc IHubConfigurator
  function updateFeeReceiver(address hub, uint256 assetId, address feeReceiver) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.AssetConfig memory config = targetHub.getAssetConfig(assetId);
    config.feeReceiver = feeReceiver;
    targetHub.updateAssetConfig(assetId, config, new bytes(0));
  }

  /// @inheritdoc IHubConfigurator
  function updateFeeConfig(
    address hub,
    uint256 assetId,
    uint256 liquidityFee,
    address feeReceiver
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.AssetConfig memory config = targetHub.getAssetConfig(assetId);
    config.liquidityFee = liquidityFee.toUint16();
    config.feeReceiver = feeReceiver;
    targetHub.updateAssetConfig(assetId, config, new bytes(0));
  }

  /// @inheritdoc IHubConfigurator
  function updateInterestRateStrategy(
    address hub,
    uint256 assetId,
    address irStrategy,
    bytes calldata irData
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.AssetConfig memory config = targetHub.getAssetConfig(assetId);
    config.irStrategy = irStrategy;
    targetHub.updateAssetConfig(assetId, config, irData);
  }

  /// @inheritdoc IHubConfigurator
  function updateReinvestmentController(
    address hub,
    uint256 assetId,
    address reinvestmentController
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.AssetConfig memory config = targetHub.getAssetConfig(assetId);
    config.reinvestmentController = reinvestmentController;
    targetHub.updateAssetConfig(assetId, config, new bytes(0));
  }

  /// @inheritdoc IHubConfigurator
  function freezeAsset(address hub, uint256 assetId) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 spokesCount = targetHub.getSpokeCount(assetId);

    for (uint256 i = 0; i < spokesCount; ++i) {
      address spoke = targetHub.getSpokeAddress(assetId, i);
      IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
      config.addCap = 0;
      config.drawCap = 0;
      targetHub.updateSpokeConfig(assetId, spoke, config);
    }
  }

  /// @inheritdoc IHubConfigurator
  function deactivateAsset(address hub, uint256 assetId) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 spokesCount = targetHub.getSpokeCount(assetId);
    for (uint256 i = 0; i < spokesCount; ++i) {
      address spoke = targetHub.getSpokeAddress(assetId, i);
      IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
      config.active = false;
      targetHub.updateSpokeConfig(assetId, spoke, config);
    }
  }

  /// @inheritdoc IHubConfigurator
  function pauseAsset(address hub, uint256 assetId) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 spokesCount = targetHub.getSpokeCount(assetId);
    for (uint256 i = 0; i < spokesCount; ++i) {
      address spoke = targetHub.getSpokeAddress(assetId, i);
      IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
      config.paused = true;
      targetHub.updateSpokeConfig(assetId, spoke, config);
    }
  }

  /// @inheritdoc IHubConfigurator
  function addSpoke(
    address hub,
    address spoke,
    uint256 assetId,
    IHub.SpokeConfig calldata config
  ) external onlyOwner {
    IHub(hub).addSpoke(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function addSpokeToAssets(
    address hub,
    address spoke,
    uint256[] calldata assetIds,
    IHub.SpokeConfig[] calldata configs
  ) external onlyOwner {
    uint256 assetCount = assetIds.length;
    require(assetCount == configs.length, MismatchedConfigs());
    for (uint256 i = 0; i < assetCount; ++i) {
      IHub(hub).addSpoke(assetIds[i], spoke, configs[i]);
    }
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokeActive(
    address hub,
    uint256 assetId,
    address spoke,
    bool active
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
    config.active = active;
    targetHub.updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokePaused(
    address hub,
    uint256 assetId,
    address spoke,
    bool paused
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
    config.paused = paused;
    targetHub.updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokeSupplyCap(
    address hub,
    uint256 assetId,
    address spoke,
    uint256 addCap
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
    config.addCap = addCap.toUint40();
    targetHub.updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokeDrawCap(
    address hub,
    uint256 assetId,
    address spoke,
    uint256 drawCap
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
    config.drawCap = drawCap.toUint40();
    targetHub.updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokeRiskPremiumThreshold(
    address hub,
    uint256 assetId,
    address spoke,
    uint256 riskPremiumThreshold
  ) external onlyOwner {
    IHub targetHub = IHub(hub);
    IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
    config.riskPremiumThreshold = riskPremiumThreshold.toUint24();
    targetHub.updateSpokeConfig(assetId, spoke, config);
  }

  /// @inheritdoc IHubConfigurator
  function updateSpokeCaps(
    address hub,
    uint256 assetId,
    address spoke,
    uint256 addCap,
    uint256 drawCap
  ) external onlyOwner {
    _updateSpokeCaps(IHub(hub), assetId, spoke, addCap, drawCap);
  }

  /// @inheritdoc IHubConfigurator
  function deactivateSpoke(address hub, address spoke) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 assetCount = targetHub.getAssetCount();
    for (uint256 assetId = 0; assetId < assetCount; ++assetId) {
      if (targetHub.isSpokeListed(assetId, spoke)) {
        IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
        config.active = false;
        targetHub.updateSpokeConfig(assetId, spoke, config);
      }
    }
  }

  /// @inheritdoc IHubConfigurator
  function pauseSpoke(address hub, address spoke) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 assetCount = targetHub.getAssetCount();
    for (uint256 assetId = 0; assetId < assetCount; ++assetId) {
      if (targetHub.isSpokeListed(assetId, spoke)) {
        IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
        config.paused = true;
        targetHub.updateSpokeConfig(assetId, spoke, config);
      }
    }
  }

  /// @inheritdoc IHubConfigurator
  function freezeSpoke(address hub, address spoke) external onlyOwner {
    IHub targetHub = IHub(hub);
    uint256 assetCount = targetHub.getAssetCount();
    for (uint256 assetId = 0; assetId < assetCount; ++assetId) {
      if (targetHub.isSpokeListed(assetId, spoke)) {
        IHub.SpokeConfig memory config = targetHub.getSpokeConfig(assetId, spoke);
        config.addCap = 0;
        config.drawCap = 0;
        targetHub.updateSpokeConfig(assetId, spoke, config);
      }
    }
  }

  /// @inheritdoc IHubConfigurator
  function updateInterestRateData(
    address hub,
    uint256 assetId,
    bytes calldata irData
  ) external onlyOwner {
    IHub(hub).setInterestRateData(assetId, irData);
  }

  /// @dev Updates spoke caps without changing the active flag.
  function _updateSpokeCaps(
    IHub hub,
    uint256 assetId,
    address spoke,
    uint256 addCap,
    uint256 drawCap
  ) internal {
    IHub.SpokeConfig memory config = hub.getSpokeConfig(assetId, spoke);
    config.addCap = addCap.toUint40();
    config.drawCap = drawCap.toUint40();
    hub.updateSpokeConfig(assetId, spoke, config);
  }

  function _updateLiquidityFee(IHub hub, uint256 assetId, uint256 liquidityFee) internal {
    IHub.AssetConfig memory config = hub.getAssetConfig(assetId);
    config.liquidityFee = liquidityFee.toUint16();
    hub.updateAssetConfig(assetId, config, new bytes(0));
  }
}

95% src/hub/libraries/AssetLogic.sol

Lines covered: 96 / 101 (95%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {SharesMath} from 'src/hub/libraries/SharesMath.sol';
import {Premium} from 'src/hub/libraries/Premium.sol';
import {IBasicInterestRateStrategy} from 'src/hub/interfaces/IBasicInterestRateStrategy.sol';
import {IHub} from 'src/hub/interfaces/IHub.sol';

/// @title AssetLogic library
/// @author Aave Labs
/// @notice Implements the base logic and share price conversions for asset data.
library AssetLogic {
  using AssetLogic for IHub.Asset;
  using SafeCast for uint256;
  using MathUtils for uint256;
  using PercentageMath for uint256;
  using WadRayMath for *;
  using SharesMath for uint256;

  /// @notice Converts an amount of shares to the equivalent amount of drawn assets, rounding up.
  function toDrawnAssetsUp(
    IHub.Asset storage asset,
    uint256 shares
  ) internal view returns (uint256) {
    return shares.rayMulUp(asset.getDrawnIndex());
  }

  /// @notice Converts an amount of shares to the equivalent amount of drawn assets, rounding down.
  function toDrawnAssetsDown(
    IHub.Asset storage asset,
    uint256 shares
  ) internal view returns (uint256) {
    return shares.rayMulDown(asset.getDrawnIndex());
  }

  /// @notice Converts an amount of drawn assets to the equivalent amount of shares, rounding up.
  function toDrawnSharesUp(
    IHub.Asset storage asset,
    uint256 assets
  ) internal view returns (uint256) {
    return assets.rayDivUp(asset.getDrawnIndex());
  }

  /// @notice Converts an amount of drawn assets to the equivalent amount of shares, rounding down.
  function toDrawnSharesDown(
    IHub.Asset storage asset,
    uint256 assets
  ) internal view returns (uint256) {
    return assets.rayDivDown(asset.getDrawnIndex());
  }

  /// @notice Returns the total drawn assets amount for the specified asset.
  function drawn(IHub.Asset storage asset, uint256 drawnIndex) internal view returns (uint256) {
    return asset.drawnShares.rayMulUp(drawnIndex);
  }

  /// @notice Returns the total premium amount for the specified asset.
  function premium(IHub.Asset storage asset, uint256 drawnIndex) internal view returns (uint256) {
    return
      Premium
        .calculatePremiumRay({
          premiumShares: asset.premiumShares,
          drawnIndex: drawnIndex,
          premiumOffsetRay: asset.premiumOffsetRay
        })
        .fromRayUp();
  }

  /// @notice Returns the total amount owed for the specified asset, including drawn and premium.
  function totalOwed(IHub.Asset storage asset, uint256 drawnIndex) internal view returns (uint256) {
    return asset.drawn(drawnIndex) + asset.premium(drawnIndex);
  }

  /// @notice Returns the total added assets for the specified asset.
  function totalAddedAssets(IHub.Asset storage asset) internal view returns (uint256) {
    uint256 drawnIndex = asset.getDrawnIndex();

    uint256 aggregatedOwedRay = _calculateAggregatedOwedRay({
      drawnShares: asset.drawnShares,
      premiumShares: asset.premiumShares,
      premiumOffsetRay: asset.premiumOffsetRay,
      deficitRay: asset.deficitRay,
      drawnIndex: drawnIndex
    });

    return
      asset.liquidity +
      asset.swept +
      aggregatedOwedRay.fromRayUp() -
      asset.realizedFees -
      asset.getUnrealizedFees(drawnIndex);
  }

  /// @notice Converts an amount of shares to the equivalent amount of added assets, rounding up.
  function toAddedAssetsUp(
    IHub.Asset storage asset,
    uint256 shares
  ) internal view returns (uint256) {
    return shares.toAssetsUp(asset.totalAddedAssets(), asset.addedShares);
  }

  /// @notice Converts an amount of shares to the equivalent amount of added assets, rounding down.
  function toAddedAssetsDown(
    IHub.Asset storage asset,
    uint256 shares
  ) internal view returns (uint256) {
    return shares.toAssetsDown(asset.totalAddedAssets(), asset.addedShares);
  }

  /// @notice Converts an amount of added assets to the equivalent amount of shares, rounding up.
  function toAddedSharesUp(
    IHub.Asset storage asset,
    uint256 assets
  ) internal view returns (uint256) {
    return assets.toSharesUp(asset.totalAddedAssets(), asset.addedShares);
  }

  /// @notice Converts an amount of added assets to the equivalent amount of shares, rounding down.
  function toAddedSharesDown(
    IHub.Asset storage asset,
    uint256 assets
  ) internal view returns (uint256) {
    return assets.toSharesDown(asset.totalAddedAssets(), asset.addedShares);
  }

  /// @notice Updates the drawn rate of a specified asset.
  /// @dev Premium debt is not used in the interest rate calculation.
  /// @dev Uses last stored index; asset accrual should have already occurred.
  /// @dev Imprecision from downscaling `deficitRay` does not accumulate.
  function updateDrawnRate(IHub.Asset storage asset, uint256 assetId) internal {
    uint256 drawnIndex = asset.drawnIndex;
    uint256 newDrawnRate = IBasicInterestRateStrategy(asset.irStrategy).calculateInterestRate({
      assetId: assetId,
      liquidity: asset.liquidity,
      drawn: asset.drawn(drawnIndex),
      deficit: asset.deficitRay.fromRayUp(),
      swept: asset.swept
    });
    asset.drawnRate = newDrawnRate.toUint96();

    emit IHub.UpdateAsset(assetId, drawnIndex, newDrawnRate, asset.realizedFees);
  }

  /// @notice Accrues interest and fees for the specified asset.
  function accrue(IHub.Asset storage asset) internal {
    if (asset.lastUpdateTimestamp == block.timestamp) {
      return;
    }

    uint256 drawnIndex = asset.getDrawnIndex();
    asset.realizedFees += asset.getUnrealizedFees(drawnIndex).toUint120();
    asset.drawnIndex = drawnIndex.toUint120();
    asset.lastUpdateTimestamp = block.timestamp.toUint40();
  }

  /// @notice Calculates the drawn index of a specified asset based on the existing drawn rate and index.
  function getDrawnIndex(IHub.Asset storage asset) internal view returns (uint256) {
    uint256 previousIndex = asset.drawnIndex;
    uint40 lastUpdateTimestamp = asset.lastUpdateTimestamp;
    if (
      lastUpdateTimestamp == block.timestamp || (asset.drawnShares == 0 && asset.premiumShares == 0)
    ) {
      return previousIndex;
    }
    return
      previousIndex.rayMulUp(
        MathUtils.calculateLinearInterest(asset.drawnRate, lastUpdateTimestamp)
      );
  }

  /// @notice Calculates the amount of fees derived from the index growth due to interest accrual.
  /// @param drawnIndex The current drawn index.
  function getUnrealizedFees(
    IHub.Asset storage asset,
    uint256 drawnIndex
  ) internal view returns (uint256) {
    uint256 previousIndex = asset.drawnIndex;
    if (previousIndex == drawnIndex) {
      return 0;
    }

    uint256 liquidityFee = asset.liquidityFee;
    if (liquidityFee == 0) {
      return 0;
    }

    uint120 drawnShares = asset.drawnShares;
    uint120 premiumShares = asset.premiumShares;
    int256 premiumOffsetRay = asset.premiumOffsetRay;
    uint256 deficitRay = asset.deficitRay;

    uint256 aggregatedOwedRayAfter = _calculateAggregatedOwedRay({
      drawnShares: drawnShares,
      premiumShares: premiumShares,
      premiumOffsetRay: premiumOffsetRay,
      deficitRay: deficitRay,
      drawnIndex: drawnIndex
    });

    uint256 aggregatedOwedRayBefore = _calculateAggregatedOwedRay({
      drawnShares: drawnShares,
      premiumShares: premiumShares,
      premiumOffsetRay: premiumOffsetRay,
      deficitRay: deficitRay,
      drawnIndex: previousIndex
    });

    return
      (aggregatedOwedRayAfter.fromRayUp() - aggregatedOwedRayBefore.fromRayUp()).percentMulDown(
        liquidityFee
      );
  }

  /// @notice Calculates the aggregated owed amount for a specified asset, expressed in asset units and scaled by RAY.
  function _calculateAggregatedOwedRay(
    uint256 drawnShares,
    uint256 premiumShares,
    int256 premiumOffsetRay,
    uint256 deficitRay,
    uint256 drawnIndex
  ) internal pure returns (uint256) {
    uint256 premiumRay = Premium.calculatePremiumRay({
      premiumShares: premiumShares,
      premiumOffsetRay: premiumOffsetRay,
      drawnIndex: drawnIndex
    });
    return (drawnShares * drawnIndex) + premiumRay + deficitRay;
  }
}

75% src/hub/libraries/Premium.sol

Lines covered: 3 / 4 (75%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';

/// @title Premium library
/// @author Aave Labs
/// @notice Implements the premium calculations.
library Premium {
  using SafeCast for *;

  /// @notice Calculates the premium debt with full precision.
  /// @param premiumShares The number of premium shares.
  /// @param premiumOffsetRay The premium offset, expressed in asset units and scaled by RAY.
  /// @param drawnIndex The current drawn index.
  /// @return The premium debt, expressed in asset units and scaled by RAY.
  function calculatePremiumRay(
    uint256 premiumShares,
    int256 premiumOffsetRay,
    uint256 drawnIndex
  ) internal pure returns (uint256) {
    return ((premiumShares * drawnIndex).toInt256() - premiumOffsetRay).toUint256();
  }
}

93% src/hub/libraries/SharesMath.sol

Lines covered: 14 / 15 (93%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {MathUtils} from 'src/libraries/math/MathUtils.sol';

/// @title SharesMath library
/// @author Aave Labs
/// @notice Implements the logic to convert between assets and shares.
/// @dev Utilizes virtual assets and shares to mitigate share manipulation attacks.
library SharesMath {
  using MathUtils for uint256;

  uint256 internal constant VIRTUAL_ASSETS = 1e6;
  uint256 internal constant VIRTUAL_SHARES = 1e6;

  /// @notice Converts an amount of assets to the equivalent amount of shares, rounding down.
  function toSharesDown(
    uint256 assets,
    uint256 totalAssets,
    uint256 totalShares
  ) internal pure returns (uint256) {
    return assets.mulDivDown(totalShares + VIRTUAL_SHARES, totalAssets + VIRTUAL_ASSETS);
  }

  /// @notice Converts an amount of shares to the equivalent amount of assets, rounding down.
  function toAssetsDown(
    uint256 shares,
    uint256 totalAssets,
    uint256 totalShares
  ) internal pure returns (uint256) {
    return shares.mulDivDown(totalAssets + VIRTUAL_ASSETS, totalShares + VIRTUAL_SHARES);
  }

  /// @notice Converts an amount of assets to the equivalent amount of shares, rounding up.
  function toSharesUp(
    uint256 assets,
    uint256 totalAssets,
    uint256 totalShares
  ) internal pure returns (uint256) {
    return assets.mulDivUp(totalShares + VIRTUAL_SHARES, totalAssets + VIRTUAL_ASSETS);
  }

  /// @notice Converts an amount of shares to the equivalent amount of assets, rounding up.
  function toAssetsUp(
    uint256 shares,
    uint256 totalAssets,
    uint256 totalShares
  ) internal pure returns (uint256) {
    return shares.mulDivUp(totalAssets + VIRTUAL_ASSETS, totalShares + VIRTUAL_SHARES);
  }
}

81% src/libraries/math/MathUtils.sol

Lines covered: 26 / 32 (81%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

/// @title MathUtils library
/// @author Aave Labs
library MathUtils {
  uint256 internal constant RAY = 1e27;
  /// @dev Ignoring leap years
  uint256 internal constant SECONDS_PER_YEAR = 365 days;

  /// @notice Calculates the interest accumulated using a linear interest rate formula.
  /// @dev Reverts if `lastUpdateTimestamp` is greater than `block.timestamp`.
  /// @param rate The interest rate in RAY units.
  /// @param lastUpdateTimestamp The timestamp to calculate interest rate from.
  /// @return result The interest rate linearly accumulated during the time delta in RAY units.
  function calculateLinearInterest(
    uint96 rate,
    uint40 lastUpdateTimestamp
  ) internal view returns (uint256 result) {
    assembly ('memory-safe') {
      if gt(lastUpdateTimestamp, timestamp()) {
        revert(0, 0)
      }
      result := sub(timestamp(), lastUpdateTimestamp)
      result := add(div(mul(rate, result), SECONDS_PER_YEAR), RAY)
    }
  }

  /// @notice Returns the smaller of two unsigned integers.
  function min(uint256 a, uint256 b) internal pure returns (uint256 result) {
    assembly ('memory-safe') {
      result := xor(b, mul(xor(a, b), lt(a, b)))
    }
  }

  /// @notice Returns the sum of an unsigned and signed integer.
  /// @dev Reverts on underflow.
  function add(uint256 a, int256 b) internal pure returns (uint256) {
    if (b >= 0) return a + uint256(b);
    return a - uint256(-b);
  }

  /// @notice Returns the sum of two unsigned integers.
  /// @dev Does not revert on overflow.
  function uncheckedAdd(uint256 a, uint256 b) internal pure returns (uint256) {
    unchecked {
      return a + b;
    }
  }

  /// @notice Returns the difference of two unsigned integers as a signed integer.
  /// @dev Does not ensure the `a` and `b` values are within the range of a signed integer.
  function signedSub(uint256 a, uint256 b) internal pure returns (int256) {
    return int256(a) - int256(b);
  }

  /// @notice Returns the difference of two unsigned integers.
  /// @dev Does not revert on underflow.
  function uncheckedSub(uint256 a, uint256 b) internal pure returns (uint256) {
    unchecked {
      return a - b;
    }
  }

  /// @notice Raises an unsigned integer to the power of an unsigned integer.
  /// @dev Does not revert on overflow.
  function uncheckedExp(uint256 a, uint256 b) internal pure returns (uint256) {
    unchecked {
      return a ** b;
    }
  }

  /// @notice Multiplies `a` and `b` in 256 bits and divides the result by `c`, rounding down.
  /// @dev Reverts if division by zero or overflow occurs on intermediate multiplication.
  /// @return d = floor(a * b / c).
  function mulDivDown(uint256 a, uint256 b, uint256 c) internal pure returns (uint256 d) {
    // to avoid overflow, a <= type(uint256).max / b
    assembly ('memory-safe') {
      if iszero(c) {
        revert(0, 0)
      }
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }
      d := div(mul(a, b), c)
    }
  }

  /// @notice Multiplies `a` and `b` in 256 bits and divides the result by `c`, rounding up.
  /// @dev Reverts if division by zero or overflow occurs on intermediate multiplication.
  /// @return d = ceil(a * b / c).
  function mulDivUp(uint256 a, uint256 b, uint256 c) internal pure returns (uint256 d) {
    // to avoid overflow, a <= type(uint256).max / b
    assembly ('memory-safe') {
      if iszero(c) {
        revert(0, 0)
      }
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }
      d := mul(a, b)
      // add 1 if (a * b) % c > 0 to round up the division of (a * b) by c
      d := add(div(d, c), gt(mod(d, c), 0))
    }
  }
}

45% src/libraries/math/PercentageMath.sol

Lines covered: 11 / 24 (45%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

/// @title PercentageMath library
/// @author Aave Labs
/// @notice Provides functions to perform percentage calculations with explicit rounding.
/// @dev Percentages are defined by default with 2 decimals of precision (100.00). The precision is indicated by `PERCENTAGE_FACTOR`.
library PercentageMath {
  // Maximum percentage factor in BPS (100.00%)
  uint256 internal constant PERCENTAGE_FACTOR = 1e4;

  /// @notice Executes a percentage multiplication, rounded down.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return result = floor(value * percentage / PERCENTAGE_FACTOR)
  function percentMulDown(
    uint256 value,
    uint256 percentage
  ) internal pure returns (uint256 result) {
    // to avoid overflow, value <= type(uint256).max / percentage
    assembly ('memory-safe') {
      if iszero(or(iszero(percentage), iszero(gt(value, div(not(0), percentage))))) {
        revert(0, 0)
      }

      result := div(mul(value, percentage), PERCENTAGE_FACTOR)
    }
  }

  /// @notice Executes a percentage multiplication, rounded up.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return result = ceil(value * percentage / PERCENTAGE_FACTOR)
  function percentMulUp(uint256 value, uint256 percentage) internal pure returns (uint256 result) {
    // to avoid overflow, value <= type(uint256).max / percentage
    assembly ('memory-safe') {
      if iszero(or(iszero(percentage), iszero(gt(value, div(not(0), percentage))))) {
        revert(0, 0)
      }
      result := mul(value, percentage)

      // Add 1 if (value * percentage) % PERCENTAGE_FACTOR > 0 to round up the division of (value * percentage) by PERCENTAGE_FACTOR
      result := add(div(result, PERCENTAGE_FACTOR), gt(mod(result, PERCENTAGE_FACTOR), 0))
    }
  }

  /// @notice Executes a percentage division, rounded down.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return result = floor(value * PERCENTAGE_FACTOR / percentage)
  function percentDivDown(
    uint256 value,
    uint256 percentage
  ) internal pure returns (uint256 result) {
    // to avoid overflow, value <= type(uint256).max / PERCENTAGE_FACTOR
    assembly ('memory-safe') {
      if or(iszero(percentage), iszero(iszero(gt(value, div(not(0), PERCENTAGE_FACTOR))))) {
        revert(0, 0)
      }

      result := div(mul(value, PERCENTAGE_FACTOR), percentage)
    }
  }

  /// @notice Executes a percentage division, rounded up.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return result = ceil(value * PERCENTAGE_FACTOR / percentage)
  function percentDivUp(uint256 value, uint256 percentage) internal pure returns (uint256 result) {
    // to avoid overflow, value <= type(uint256).max / PERCENTAGE_FACTOR
    assembly ('memory-safe') {
      if or(iszero(percentage), iszero(iszero(gt(value, div(not(0), PERCENTAGE_FACTOR))))) {
        revert(0, 0)
      }
      result := mul(value, PERCENTAGE_FACTOR)

      // Add 1 if (value * PERCENTAGE_FACTOR) % percentage > 0 to round up the division of (value * PERCENTAGE_FACTOR) by percentage
      result := add(div(result, percentage), gt(mod(result, percentage), 0))
    }
  }

  /// @notice Truncates number from BPS precision, rounding down.
  function fromBpsDown(uint256 value) internal pure returns (uint256) {
    return value / PERCENTAGE_FACTOR;
  }
}

54% src/libraries/math/WadRayMath.sol

Lines covered: 34 / 62 (54%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

/// @title WadRayMath library
/// @author Aave Labs
/// @notice Provides utility functions to work with WAD and RAY units with explicit rounding.
library WadRayMath {
  uint256 internal constant WAD = 1e18;
  uint256 internal constant RAY = 1e27;
  uint256 internal constant PERCENTAGE_FACTOR = 1e4;

  /// @notice Multiplies two WAD numbers, rounding down.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return c = floor(a * b / WAD) in WAD units.
  function wadMulDown(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / b
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }

      c := div(mul(a, b), WAD)
    }
  }

  /// @notice Multiplies two WAD numbers, rounding up.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return c = ceil(a * b / WAD) in WAD units.
  function wadMulUp(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / b
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }
      c := mul(a, b)
      // Add 1 if (a * b) % WAD > 0 to round up the division of (a * b) by WAD
      c := add(div(c, WAD), gt(mod(c, WAD), 0))
    }
  }

  /// @notice Divides two WAD numbers, rounding down.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return c = floor(a * WAD / b) in WAD units.
  function wadDivDown(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / WAD
      if or(iszero(b), iszero(iszero(gt(a, div(not(0), WAD))))) {
        revert(0, 0)
      }

      c := div(mul(a, WAD), b)
    }
  }

  /// @notice Divides two WAD numbers, rounding up.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return c = ceil(a * WAD / b) in WAD units.
  function wadDivUp(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / WAD
      if or(iszero(b), iszero(iszero(gt(a, div(not(0), WAD))))) {
        revert(0, 0)
      }
      c := mul(a, WAD)
      // Add 1 if (a * WAD) % b > 0 to round up the division of (a * WAD) by b
      c := add(div(c, b), gt(mod(c, b), 0))
    }
  }

  /// @notice Multiplies two RAY numbers, rounding down.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return c = floor(a * b / RAY) in RAY units.
  function rayMulDown(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / b
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }

      c := div(mul(a, b), RAY)
    }
  }

  /// @notice Multiplies two RAY numbers, rounding up.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return c = ceil(a * b / RAY) in RAY units.
  function rayMulUp(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / b
      if iszero(or(iszero(b), iszero(gt(a, div(not(0), b))))) {
        revert(0, 0)
      }
      c := mul(a, b)
      // Add 1 if (a * b) % RAY > 0 to round up the division of (a * b) by RAY
      c := add(div(c, RAY), gt(mod(c, RAY), 0))
    }
  }

  /// @notice Divides two RAY numbers, rounding down.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return c = floor(a * RAY / b) in RAY units.
  function rayDivDown(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / RAY
      if or(iszero(b), iszero(iszero(gt(a, div(not(0), RAY))))) {
        revert(0, 0)
      }

      c := div(mul(a, RAY), b)
    }
  }

  /// @notice Divides two RAY numbers, rounding up.
  /// @dev Reverts if division by zero or intermediate multiplication overflows.
  /// @return c = ceil(a * RAY / b) in RAY units.
  function rayDivUp(uint256 a, uint256 b) internal pure returns (uint256 c) {
    assembly ('memory-safe') {
      // to avoid overflow, a <= type(uint256).max / RAY
      if or(iszero(b), iszero(iszero(gt(a, div(not(0), RAY))))) {
        revert(0, 0)
      }
      c := mul(a, RAY)
      // Add 1 if (a * RAY) % b > 0 to round up the division of (a * RAY) by b
      c := add(div(c, b), gt(mod(c, b), 0))
    }
  }

  /// @notice Casts value to WAD, adding 18 digits of precision.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return b = a * WAD in WAD units.
  function toWad(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      b := mul(a, WAD)

      // to avoid overflow, b/WAD == a
      if iszero(eq(div(b, WAD), a)) {
        revert(0, 0)
      }
    }
  }

  /// @notice Casts value to RAY, adding 27 digits of precision.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return b = a * RAY in RAY units.
  function toRay(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      b := mul(a, RAY)

      // to avoid overflow, b/RAY == a
      if iszero(eq(div(b, RAY), a)) {
        revert(0, 0)
      }
    }
  }

  /// @notice Removes WAD precision from a given value, rounding down.
  /// @return b = a / WAD.
  function fromWadDown(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      b := div(a, WAD)
    }
  }

  /// @notice Removes RAY precision from a given value, rounding up.
  /// @return b = ceil(a / RAY).
  function fromRayUp(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      // add 1 if (a % RAY) > 0 to round up the division of a by RAY
      b := add(div(a, RAY), gt(mod(a, RAY), 0))
    }
  }

  /// @notice Converts value from basis points to WAD, rounding down.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return b = floor(a * WAD / PERCENTAGE_FACTOR) in WAD units.
  function bpsToWad(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      b := mul(a, WAD)

      // to avoid overflow, b/WAD == a
      if iszero(eq(div(b, WAD), a)) {
        revert(0, 0)
      }

      b := div(b, PERCENTAGE_FACTOR)
    }
  }

  /// @notice Converts value from basis points to RAY, rounding down.
  /// @dev Reverts if intermediate multiplication overflows.
  /// @return b = a * RAY / PERCENTAGE_FACTOR in RAY units.
  function bpsToRay(uint256 a) internal pure returns (uint256 b) {
    assembly ('memory-safe') {
      b := mul(a, RAY)

      // to avoid overflow, b/RAY == a
      if iszero(eq(div(b, RAY), a)) {
        revert(0, 0)
      }

      b := div(b, PERCENTAGE_FACTOR)
    }
  }
}

0% src/libraries/types/EIP712Types.sol

Lines covered: 0 / 1 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

/// @title EIP712Types library
/// @author Aave Labs
/// @notice Defines type structs used in EIP712-typed signatures.
library EIP712Types {
  struct SetUserPositionManager {
    address positionManager;
    address user;
    bool approve;
    uint256 nonce;
    uint256 deadline;
  }

  struct Permit {
    address owner;
    address spender;
    uint256 value;
    uint256 nonce;
    uint256 deadline;
  }

  struct Supply {
    address spoke;
    uint256 reserveId;
    uint256 amount;
    address onBehalfOf;
    uint256 nonce;
    uint256 deadline;
  }

  struct Withdraw {
    address spoke;
    uint256 reserveId;
    uint256 amount;
    address onBehalfOf;
    uint256 nonce;
    uint256 deadline;
  }

  struct Borrow {
    address spoke;
    uint256 reserveId;
    uint256 amount;
    address onBehalfOf;
    uint256 nonce;
    uint256 deadline;
  }

  struct Repay {
    address spoke;
    uint256 reserveId;
    uint256 amount;
    address onBehalfOf;
    uint256 nonce;
    uint256 deadline;
  }

  struct SetUsingAsCollateral {
    address spoke;
    uint256 reserveId;
    bool useAsCollateral;
    address onBehalfOf;
    uint256 nonce;
    uint256 deadline;
  }

  struct UpdateUserRiskPremium {
    address spoke;
    address user;
    uint256 nonce;
    uint256 deadline;
  }

  struct UpdateUserDynamicConfig {
    address spoke;
    address user;
    uint256 nonce;
    uint256 deadline;
  }
}

60% src/libraries/types/Roles.sol

Lines covered: 3 / 5 (60%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

/// @title Roles library
/// @author Aave Labs
/// @notice Defines the different roles used by the protocol.
library Roles {
  uint64 public constant DEFAULT_ADMIN_ROLE = 0;
  uint64 public constant HUB_ADMIN_ROLE = 1;
  uint64 public constant SPOKE_ADMIN_ROLE = 2;
  uint64 public constant USER_POSITION_UPDATER_ROLE = 3;
}

0% src/misc/UnitPriceFeed.sol

Lines covered: 0 / 22 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {AggregatorV3Interface} from 'src/dependencies/chainlink/AggregatorV3Interface.sol';

/// @title UnitPriceFeed contract
/// @author Aave Labs
/// @notice Price feed that returns the unit price (1), with decimals precision.
/// @dev This price feed can be set for reserves that use the base currency as collateral.
contract UnitPriceFeed is AggregatorV3Interface {
  /// @inheritdoc AggregatorV3Interface
  uint8 public immutable decimals;

  /// @inheritdoc AggregatorV3Interface
  string public description;

  int256 private immutable _units;

  /// @dev Constructor.
  /// @param decimals_ The number of decimals used to represent the unit price.
  /// @param description_ The description of the unit price feed.
  constructor(uint8 decimals_, string memory description_) {
    decimals = decimals_;
    description = description_;
    _units = int256(10 ** decimals_);
  }

  /// @inheritdoc AggregatorV3Interface
  function version() external pure returns (uint256) {
    return 1;
  }

  /// @inheritdoc AggregatorV3Interface
  function getRoundData(
    uint80 _roundId
  )
    external
    view
    returns (
      uint80 roundId,
      int256 answer,
      uint256 startedAt,
      uint256 updatedAt,
      uint80 answeredInRound
    )
  {
    if (_roundId <= uint80(block.timestamp)) {
      roundId = _roundId;
      answer = _units;
      startedAt = _roundId;
      updatedAt = _roundId;
      answeredInRound = _roundId;
    }
  }

  /// @inheritdoc AggregatorV3Interface
  function latestRoundData()
    external
    view
    returns (
      uint80 roundId,
      int256 answer,
      uint256 startedAt,
      uint256 updatedAt,
      uint80 answeredInRound
    )
  {
    roundId = uint80(block.timestamp);
    answer = _units;
    startedAt = block.timestamp;
    updatedAt = block.timestamp;
    answeredInRound = roundId;
  }
}

0% src/position-manager/GatewayBase.sol

Lines covered: 0 / 17 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {Ownable2Step, Ownable} from 'src/dependencies/openzeppelin/Ownable2Step.sol';
import {Rescuable} from 'src/utils/Rescuable.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';
import {IGatewayBase} from 'src/position-manager/interfaces/IGatewayBase.sol';

/// @title GatewayBase
/// @author Aave Labs
/// @notice Base implementation for gateway common functionalities.
abstract contract GatewayBase is IGatewayBase, Rescuable, Ownable2Step {
  mapping(address => bool) internal _registeredSpokes;

  /// @notice Modifier that checks if the specified spoke is registered.
  modifier onlyRegisteredSpoke(address spoke) {
    _isSpokeValid(spoke);
    _;
  }

  /// @dev Constructor.
  /// @param initialOwner_ The address of the initial owner.
  constructor(address initialOwner_) Ownable(initialOwner_) {}

  /// @inheritdoc IGatewayBase
  function registerSpoke(address spoke, bool active) external onlyOwner {
    require(spoke != address(0), InvalidAddress());
    _registeredSpokes[spoke] = active;
    emit SpokeRegistered(spoke, active);
  }

  /// @inheritdoc IGatewayBase
  function renouncePositionManagerRole(address spoke, address user) external onlyOwner {
    require(user != address(0), InvalidAddress());
    ISpoke(spoke).renouncePositionManagerRole(user);
  }

  /// @inheritdoc IGatewayBase
  function isSpokeRegistered(address spoke) external view returns (bool) {
    return _registeredSpokes[spoke];
  }

  /// @dev Verifies the specified spoke is registered.
  function _isSpokeValid(address spoke) internal view {
    require(_registeredSpokes[spoke], SpokeNotRegistered());
  }

  /// @return The underlying asset for `reserveId` on the specified spoke.
  function _getReserveUnderlying(address spoke, uint256 reserveId) internal view returns (address) {
    return ISpoke(spoke).getReserve(reserveId).underlying;
  }

  /// @dev The `owner()` is the allowed caller for Rescuable methods.
  function _rescueGuardian() internal view override returns (address) {
    return owner();
  }
}

0% src/position-manager/NativeTokenGateway.sol

Lines covered: 0 / 70 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {ReentrancyGuardTransient} from 'src/dependencies/openzeppelin/ReentrancyGuardTransient.sol';
import {Address} from 'src/dependencies/openzeppelin/Address.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {GatewayBase} from 'src/position-manager/GatewayBase.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';
import {INativeWrapper} from 'src/position-manager/interfaces/INativeWrapper.sol';
import {INativeTokenGateway} from 'src/position-manager/interfaces/INativeTokenGateway.sol';

/// @title NativeTokenGateway
/// @author Aave Labs
/// @notice Gateway to interact with a spoke using the native coin of a chain.
/// @dev Contract must be an active & approved user position manager in order to execute spoke actions on a user's behalf.
contract NativeTokenGateway is INativeTokenGateway, GatewayBase, ReentrancyGuardTransient {
  using SafeERC20 for *;

  INativeWrapper internal immutable _nativeWrapper;

  /// @dev Constructor.
  /// @param nativeWrapper_ The address of the native wrapper contract.
  /// @param initialOwner_ The address of the initial owner.
  constructor(address nativeWrapper_, address initialOwner_) GatewayBase(initialOwner_) {
    require(nativeWrapper_ != address(0), InvalidAddress());
    _nativeWrapper = INativeWrapper(payable(nativeWrapper_));
  }

  /// @dev Checks only 'nativeWrapper' can transfer native tokens.
  receive() external payable {
    require(msg.sender == address(_nativeWrapper), UnsupportedAction());
  }

  /// @dev Unsupported fallback function.
  fallback() external payable {
    revert UnsupportedAction();
  }

  /// @inheritdoc INativeTokenGateway
  function supplyNative(
    address spoke,
    uint256 reserveId,
    uint256 amount
  ) external payable nonReentrant onlyRegisteredSpoke(spoke) returns (uint256, uint256) {
    require(msg.value == amount, NativeAmountMismatch());
    return _supplyNative(spoke, reserveId, msg.sender, amount);
  }

  /// @inheritdoc INativeTokenGateway
  function supplyAsCollateralNative(
    address spoke,
    uint256 reserveId,
    uint256 amount
  ) external payable nonReentrant onlyRegisteredSpoke(spoke) returns (uint256, uint256) {
    require(msg.value == amount, NativeAmountMismatch());
    (uint256 suppliedShares, uint256 suppliedAmount) = _supplyNative(
      spoke,
      reserveId,
      msg.sender,
      amount
    );
    ISpoke(spoke).setUsingAsCollateral(reserveId, true, msg.sender);

    return (suppliedShares, suppliedAmount);
  }

  /// @inheritdoc INativeTokenGateway
  function withdrawNative(
    address spoke,
    uint256 reserveId,
    uint256 amount
  ) external onlyRegisteredSpoke(spoke) returns (uint256, uint256) {
    address underlying = _getReserveUnderlying(spoke, reserveId);
    _validateParams(underlying, amount);

    (uint256 withdrawnShares, uint256 withdrawnAmount) = ISpoke(spoke).withdraw(
      reserveId,
      amount,
      msg.sender
    );
    _nativeWrapper.withdraw(withdrawnAmount);
    Address.sendValue(payable(msg.sender), withdrawnAmount);

    return (withdrawnShares, withdrawnAmount);
  }

  /// @inheritdoc INativeTokenGateway
  function borrowNative(
    address spoke,
    uint256 reserveId,
    uint256 amount
  ) external onlyRegisteredSpoke(spoke) returns (uint256, uint256) {
    address underlying = _getReserveUnderlying(spoke, reserveId);
    _validateParams(underlying, amount);

    (uint256 borrowedShares, uint256 borrowedAmount) = ISpoke(spoke).borrow(
      reserveId,
      amount,
      msg.sender
    );
    _nativeWrapper.withdraw(borrowedAmount);
    Address.sendValue(payable(msg.sender), borrowedAmount);

    return (borrowedShares, borrowedAmount);
  }

  /// @inheritdoc INativeTokenGateway
  function repayNative(
    address spoke,
    uint256 reserveId,
    uint256 amount
  ) external payable nonReentrant onlyRegisteredSpoke(spoke) returns (uint256, uint256) {
    require(msg.value == amount, NativeAmountMismatch());
    address underlying = _getReserveUnderlying(spoke, reserveId);
    _validateParams(underlying, amount);

    uint256 userTotalDebt = ISpoke(spoke).getUserTotalDebt(reserveId, msg.sender);
    uint256 repayAmount = amount;
    uint256 leftovers;
    if (amount > userTotalDebt) {
      leftovers = amount - userTotalDebt;
      repayAmount = userTotalDebt;
    }

    _nativeWrapper.deposit{value: repayAmount}();
    _nativeWrapper.forceApprove(spoke, repayAmount);
    (uint256 repaidShares, uint256 repaidAmount) = ISpoke(spoke).repay(
      reserveId,
      repayAmount,
      msg.sender
    );

    if (leftovers > 0) {
      Address.sendValue(payable(msg.sender), leftovers);
    }

    return (repaidShares, repaidAmount);
  }

  /// @inheritdoc INativeTokenGateway
  function NATIVE_WRAPPER() external view returns (address) {
    return address(_nativeWrapper);
  }

  /// @dev `msg.value` verification must be done before calling this.
  function _supplyNative(
    address spoke,
    uint256 reserveId,
    address user,
    uint256 amount
  ) internal returns (uint256, uint256) {
    address underlying = _getReserveUnderlying(spoke, reserveId);
    _validateParams(underlying, amount);

    _nativeWrapper.deposit{value: amount}();
    _nativeWrapper.forceApprove(spoke, amount);
    return ISpoke(spoke).supply(reserveId, amount, user);
  }

  function _validateParams(address underlying, uint256 amount) internal view {
    require(address(_nativeWrapper) == underlying, NotNativeWrappedAsset());
    require(amount > 0, InvalidAmount());
  }
}

0% src/position-manager/SignatureGateway.sol

Lines covered: 0 / 111 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {SignatureChecker} from 'src/dependencies/openzeppelin/SignatureChecker.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {IERC20Permit} from 'src/dependencies/openzeppelin/IERC20Permit.sol';
import {EIP712} from 'src/dependencies/solady/EIP712.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {NoncesKeyed} from 'src/utils/NoncesKeyed.sol';
import {Multicall} from 'src/utils/Multicall.sol';
import {EIP712Hash, EIP712Types} from 'src/position-manager/libraries/EIP712Hash.sol';
import {GatewayBase} from 'src/position-manager/GatewayBase.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';
import {ISignatureGateway} from 'src/position-manager/interfaces/ISignatureGateway.sol';

/// @title SignatureGateway
/// @author Aave Labs
/// @notice Gateway to consume EIP-712 typed intents for spoke actions on behalf of a user.
/// @dev Contract must be an active & approved user position manager to execute spoke actions on user's behalf.
/// @dev Uses keyed-nonces where each key's namespace nonce is consumed sequentially. Intents bundled through
/// multicall can be executed independently in order of signed nonce & deadline; does not guarantee batch atomicity.
contract SignatureGateway is ISignatureGateway, GatewayBase, NoncesKeyed, Multicall, EIP712 {
  using SafeERC20 for IERC20;
  using EIP712Hash for *;

  /// @dev Constructor.
  /// @param initialOwner_ The address of the initial owner.
  constructor(address initialOwner_) GatewayBase(initialOwner_) {}

  /// @inheritdoc ISignatureGateway
  function supplyWithSig(
    EIP712Types.Supply calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) returns (uint256, uint256) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    address spoke = params.spoke;
    uint256 reserveId = params.reserveId;
    address user = params.onBehalfOf;
    bytes32 digest = _hashTypedData(params.hash());
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, params.nonce);

    IERC20 underlying = IERC20(_getReserveUnderlying(spoke, reserveId));
    underlying.safeTransferFrom(user, address(this), params.amount);
    underlying.forceApprove(spoke, params.amount);

    return ISpoke(spoke).supply(reserveId, params.amount, user);
  }

  /// @inheritdoc ISignatureGateway
  function withdrawWithSig(
    EIP712Types.Withdraw calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) returns (uint256, uint256) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    address spoke = params.spoke;
    uint256 reserveId = params.reserveId;
    address user = params.onBehalfOf;
    bytes32 digest = _hashTypedData(params.hash());
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, params.nonce);

    IERC20 underlying = IERC20(_getReserveUnderlying(spoke, reserveId));
    (uint256 withdrawnShares, uint256 withdrawnAmount) = ISpoke(spoke).withdraw(
      reserveId,
      params.amount,
      user
    );
    underlying.safeTransfer(user, withdrawnAmount);

    return (withdrawnShares, withdrawnAmount);
  }

  /// @inheritdoc ISignatureGateway
  function borrowWithSig(
    EIP712Types.Borrow calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) returns (uint256, uint256) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    address spoke = params.spoke;
    uint256 reserveId = params.reserveId;
    address user = params.onBehalfOf;
    bytes32 digest = _hashTypedData(params.hash());
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, params.nonce);

    IERC20 underlying = IERC20(_getReserveUnderlying(spoke, reserveId));
    (uint256 borrowedShares, uint256 borrowedAmount) = ISpoke(spoke).borrow(
      reserveId,
      params.amount,
      user
    );
    underlying.safeTransfer(user, borrowedAmount);

    return (borrowedShares, borrowedAmount);
  }

  /// @inheritdoc ISignatureGateway
  function repayWithSig(
    EIP712Types.Repay calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) returns (uint256, uint256) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    address spoke = params.spoke;
    uint256 reserveId = params.reserveId;
    address user = params.onBehalfOf;
    bytes32 digest = _hashTypedData(params.hash());
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, params.nonce);

    IERC20 underlying = IERC20(_getReserveUnderlying(spoke, reserveId));
    uint256 repayAmount = MathUtils.min(
      params.amount,
      ISpoke(spoke).getUserTotalDebt(reserveId, user)
    );

    underlying.safeTransferFrom(user, address(this), repayAmount);
    underlying.forceApprove(spoke, repayAmount);

    return ISpoke(spoke).repay(reserveId, repayAmount, user);
  }

  /// @inheritdoc ISignatureGateway
  function setUsingAsCollateralWithSig(
    EIP712Types.SetUsingAsCollateral calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    address user = params.onBehalfOf;
    bytes32 digest = _hashTypedData(params.hash());
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, params.nonce);

    ISpoke(params.spoke).setUsingAsCollateral(params.reserveId, params.useAsCollateral, user);
  }

  /// @inheritdoc ISignatureGateway
  function updateUserRiskPremiumWithSig(
    EIP712Types.UpdateUserRiskPremium calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    bytes32 digest = _hashTypedData(params.hash());
    require(
      SignatureChecker.isValidSignatureNow(params.user, digest, signature),
      InvalidSignature()
    );
    _useCheckedNonce(params.user, params.nonce);

    ISpoke(params.spoke).updateUserRiskPremium(params.user);
  }

  /// @inheritdoc ISignatureGateway
  function updateUserDynamicConfigWithSig(
    EIP712Types.UpdateUserDynamicConfig calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(params.spoke) {
    require(block.timestamp <= params.deadline, InvalidSignature());
    bytes32 digest = _hashTypedData(params.hash());
    require(
      SignatureChecker.isValidSignatureNow(params.user, digest, signature),
      InvalidSignature()
    );
    _useCheckedNonce(params.user, params.nonce);

    ISpoke(params.spoke).updateUserDynamicConfig(params.user);
  }

  /// @inheritdoc ISignatureGateway
  function setSelfAsUserPositionManagerWithSig(
    address spoke,
    EIP712Types.SetUserPositionManager calldata params,
    bytes calldata signature
  ) external onlyRegisteredSpoke(spoke) {
    try
      ISpoke(spoke).setUserPositionManagerWithSig(
        address(this),
        params.user,
        params.approve,
        params.nonce,
        params.deadline,
        signature
      )
    {} catch {}
  }

  /// @inheritdoc ISignatureGateway
  function permitReserve(
    address spoke,
    uint256 reserveId,
    address onBehalfOf,
    uint256 value,
    uint256 deadline,
    uint8 permitV,
    bytes32 permitR,
    bytes32 permitS
  ) external onlyRegisteredSpoke(spoke) {
    address underlying = _getReserveUnderlying(spoke, reserveId);
    try
      IERC20Permit(underlying).permit({
        owner: onBehalfOf,
        spender: address(this),
        value: value,
        deadline: deadline,
        v: permitV,
        r: permitR,
        s: permitS
      })
    {} catch {}
  }

  /// @inheritdoc ISignatureGateway
  function DOMAIN_SEPARATOR() external view returns (bytes32) {
    return _domainSeparator();
  }

  /// @inheritdoc ISignatureGateway
  function SUPPLY_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.SUPPLY_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function WITHDRAW_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.WITHDRAW_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function BORROW_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.BORROW_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function REPAY_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.REPAY_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function SET_USING_AS_COLLATERAL_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.SET_USING_AS_COLLATERAL_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function UPDATE_USER_RISK_PREMIUM_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.UPDATE_USER_RISK_PREMIUM_TYPEHASH;
  }

  /// @inheritdoc ISignatureGateway
  function UPDATE_USER_DYNAMIC_CONFIG_TYPEHASH() external pure returns (bytes32) {
    return EIP712Hash.UPDATE_USER_DYNAMIC_CONFIG_TYPEHASH;
  }

  function _domainNameAndVersion() internal pure override returns (string memory, string memory) {
    return ('SignatureGateway', '1');
  }
}

0% src/position-manager/libraries/EIP712Hash.sol

Lines covered: 0 / 50 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {EIP712Types} from 'src/libraries/types/EIP712Types.sol';

/// @title EIP712Hash library
/// @author Aave Labs
/// @notice Helper methods to hash EIP712 typed data structs.
library EIP712Hash {
  bytes32 public constant SUPPLY_TYPEHASH =
    // keccak256('Supply(address spoke,uint256 reserveId,uint256 amount,address onBehalfOf,uint256 nonce,uint256 deadline)')
    0xe85497eb293c001e8483fe105efadd1d50aa0dadfc0570b27058031dfceab2e6;

  bytes32 public constant WITHDRAW_TYPEHASH =
    // keccak256('Withdraw(address spoke,uint256 reserveId,uint256 amount,address onBehalfOf,uint256 nonce,uint256 deadline)')
    0x0bc73eb58cf4068a29b9593ef18c0d26b3b4453bd2155424a90cb26a22f41d7f;

  bytes32 public constant BORROW_TYPEHASH =
    // keccak256('Borrow(address spoke,uint256 reserveId,uint256 amount,address onBehalfOf,uint256 nonce,uint256 deadline)')
    0xe248895a233688ba2a70b6f560472dbc27e35ece0d86914f7d43bf2f7df8025b;

  bytes32 public constant REPAY_TYPEHASH =
    // keccak256('Repay(address spoke,uint256 reserveId,uint256 amount,address onBehalfOf,uint256 nonce,uint256 deadline)')
    0xd23fe99a7aac398d03952a098faa8889259d062784bd80ea0f159e4af604c045;

  bytes32 public constant SET_USING_AS_COLLATERAL_TYPEHASH =
    // keccak256('SetUsingAsCollateral(address spoke,uint256 reserveId,bool useAsCollateral,address onBehalfOf,uint256 nonce,uint256 deadline)')
    0xd4350e1f25ecd62a35b50e8cd1e00bc34331ae8c728ee4dbb69ecf1023daecf7;

  bytes32 public constant UPDATE_USER_RISK_PREMIUM_TYPEHASH =
    // keccak256('UpdateUserRiskPremium(address spoke,address user,uint256 nonce,uint256 deadline)')
    0xb41e132023782c9b02febf1b9b7fe98c4a73f57ebc63ba44cd71f6365ea09eaf;

  bytes32 public constant UPDATE_USER_DYNAMIC_CONFIG_TYPEHASH =
    // keccak256('UpdateUserDynamicConfig(address spoke,address user,uint256 nonce,uint256 deadline)')
    0xba177b1f5b5e1e709f62c19f03c97988c57752ba561de58f383ebee4e8d0a71c;

  function hash(EIP712Types.Supply calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          SUPPLY_TYPEHASH,
          params.spoke,
          params.reserveId,
          params.amount,
          params.onBehalfOf,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(EIP712Types.Withdraw calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          WITHDRAW_TYPEHASH,
          params.spoke,
          params.reserveId,
          params.amount,
          params.onBehalfOf,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(EIP712Types.Borrow calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          BORROW_TYPEHASH,
          params.spoke,
          params.reserveId,
          params.amount,
          params.onBehalfOf,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(EIP712Types.Repay calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          REPAY_TYPEHASH,
          params.spoke,
          params.reserveId,
          params.amount,
          params.onBehalfOf,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(EIP712Types.SetUsingAsCollateral calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          SET_USING_AS_COLLATERAL_TYPEHASH,
          params.spoke,
          params.reserveId,
          params.useAsCollateral,
          params.onBehalfOf,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(EIP712Types.UpdateUserRiskPremium calldata params) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          UPDATE_USER_RISK_PREMIUM_TYPEHASH,
          params.spoke,
          params.user,
          params.nonce,
          params.deadline
        )
      );
  }

  function hash(
    EIP712Types.UpdateUserDynamicConfig calldata params
  ) internal pure returns (bytes32) {
    return
      keccak256(
        abi.encode(
          UPDATE_USER_DYNAMIC_CONFIG_TYPEHASH,
          params.spoke,
          params.user,
          params.nonce,
          params.deadline
        )
      );
  }
}

87% src/spoke/AaveOracle.sol

Lines covered: 29 / 33 (87%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {AggregatorV3Interface} from 'src/dependencies/chainlink/AggregatorV3Interface.sol';
import {IAaveOracle, IPriceOracle} from 'src/spoke/interfaces/IAaveOracle.sol';

/// @title AaveOracle
/// @author Aave Labs
/// @notice Provides reserve prices.
/// @dev Oracles are spoke-specific, due to the usage of reserve id as index of the `_sources` mapping.
contract AaveOracle is IAaveOracle {
  /// @inheritdoc IPriceOracle
  address public SPOKE;

  /// @inheritdoc IPriceOracle
  uint8 public immutable DECIMALS;

  /// @inheritdoc IAaveOracle
  string public DESCRIPTION;

  mapping(uint256 reserveId => AggregatorV3Interface) internal _sources;

  /// @dev Constructor.
  /// @dev `decimals` must match the spoke's decimals for compatibility.
  /// @param spoke_ The address of the spoke contract.
  /// @param decimals_ The number of decimals for the oracle.
  /// @param description_ The description of the oracle.
  constructor(address spoke_, uint8 decimals_, string memory description_) {
    require(spoke_ != address(0), InvalidAddress());
    SPOKE = spoke_;
    DECIMALS = decimals_;
    DESCRIPTION = description_;
  }

  // @audit FIXME: This is a hack to set the spoke after the oracle is deployed so that it does not rely on vm.computeCreateAddress.
  function setSpoke(address spoke) external {
    SPOKE = spoke;
  }

  /// @inheritdoc IAaveOracle
  function setReserveSource(uint256 reserveId, address source) external {
    require(msg.sender == SPOKE, OnlySpoke());
    AggregatorV3Interface targetSource = AggregatorV3Interface(source);
    require(targetSource.decimals() == DECIMALS, InvalidSourceDecimals(reserveId));
    _sources[reserveId] = targetSource;
    _getSourcePrice(reserveId);
    emit UpdateReserveSource(reserveId, source);
  }

  /// @inheritdoc IPriceOracle
  function getReservePrice(uint256 reserveId) external view returns (uint256) {
    return _getSourcePrice(reserveId);
  }

  /// @inheritdoc IAaveOracle
  function getReservesPrices(
    uint256[] calldata reserveIds
  ) external view returns (uint256[] memory) {
    uint256[] memory prices = new uint256[](reserveIds.length);
    for (uint256 i = 0; i < reserveIds.length; ++i) {
      prices[i] = _getSourcePrice(reserveIds[i]);
    }
    return prices;
  }

  /// @inheritdoc IAaveOracle
  function getReserveSource(uint256 reserveId) external view returns (address) {
    return address(_sources[reserveId]);
  }

  /// @dev Price of zero will revert with `InvalidPrice`.
  function _getSourcePrice(uint256 reserveId) internal view returns (uint256) {
    AggregatorV3Interface source = _sources[reserveId];
    require(address(source) != address(0), InvalidSource(reserveId));

    (, int256 price, , , ) = source.latestRoundData();
    require(price > 0, InvalidPrice(reserveId));

    return uint256(price);
  }
}

72% src/spoke/Spoke.sol

Lines covered: 332 / 461 (72%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {IERC20Permit} from 'src/dependencies/openzeppelin/IERC20Permit.sol';
import {SignatureChecker} from 'src/dependencies/openzeppelin/SignatureChecker.sol';
import {AccessManagedUpgradeable} from 'src/dependencies/openzeppelin-upgradeable/AccessManagedUpgradeable.sol';
import {EIP712} from 'src/dependencies/solady/EIP712.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {KeyValueList} from 'src/spoke/libraries/KeyValueList.sol';
import {LiquidationLogic} from 'src/spoke/libraries/LiquidationLogic.sol';
import {PositionStatusMap} from 'src/spoke/libraries/PositionStatusMap.sol';
import {ReserveFlags, ReserveFlagsMap} from 'src/spoke/libraries/ReserveFlagsMap.sol';
import {UserPositionDebt} from 'src/spoke/libraries/UserPositionDebt.sol';
import {NoncesKeyed} from 'src/utils/NoncesKeyed.sol';
import {Multicall} from 'src/utils/Multicall.sol';
import {IAaveOracle} from 'src/spoke/interfaces/IAaveOracle.sol';
import {IHubBase} from 'src/hub/interfaces/IHubBase.sol';
import {ISpokeBase, ISpoke} from 'src/spoke/interfaces/ISpoke.sol';

/// @title Spoke
/// @author Aave Labs
/// @notice Handles risk configuration & borrowing strategy for reserves and user positions.
/// @dev Each reserve can be associated with a separate Hub.
abstract contract Spoke is ISpoke, Multicall, NoncesKeyed, AccessManagedUpgradeable, EIP712 {
  using SafeCast for *;
  using SafeERC20 for IERC20;
  using MathUtils for *;
  using PercentageMath for *;
  using WadRayMath for *;
  using KeyValueList for KeyValueList.List;
  using LiquidationLogic for *;
  using PositionStatusMap for *;
  using ReserveFlagsMap for ReserveFlags;
  using UserPositionDebt for ISpoke.UserPosition;

  /// @inheritdoc ISpoke
  bytes32 public constant SET_USER_POSITION_MANAGER_TYPEHASH =
    // keccak256('SetUserPositionManager(address positionManager,address user,bool approve,uint256 nonce,uint256 deadline)')
    0x758d23a3c07218b7ea0b4f7f63903c4e9d5cbde72d3bcfe3e9896639025a0214;

  /// @inheritdoc ISpoke
  address public immutable ORACLE;

  /// @dev The maximum allowed value for an asset identifier (inclusive).
  uint256 internal constant MAX_ALLOWED_ASSET_ID = type(uint16).max;

  /// @dev The maximum allowed collateral risk value for a reserve, expressed in BPS (e.g. 100_00 is 100.00%).
  uint24 internal constant MAX_ALLOWED_COLLATERAL_RISK = 1000_00;

  /// @dev The maximum allowed value for a dynamic configuration key (inclusive).
  uint256 internal constant MAX_ALLOWED_DYNAMIC_CONFIG_KEY = type(uint24).max;

  /// @dev The minimum health factor below which a position is considered unhealthy and subject to liquidation.
  /// @dev Expressed in WAD (18 decimals) (e.g. 1e18 is 1.00).
  uint64 internal constant HEALTH_FACTOR_LIQUIDATION_THRESHOLD =
    LiquidationLogic.HEALTH_FACTOR_LIQUIDATION_THRESHOLD;

  /// @dev The maximum amount considered as dust for a user's collateral and debt balances after a liquidation.
  /// @dev Expressed in USD with 26 decimals.
  uint256 internal constant DUST_LIQUIDATION_THRESHOLD =
    LiquidationLogic.DUST_LIQUIDATION_THRESHOLD;

  /// @dev The number of decimals used by the oracle.
  uint8 internal constant ORACLE_DECIMALS = 8;

  /// @dev Number of reserves listed in the Spoke.
  uint256 internal _reserveCount;

  /// @dev Map of user addresses and reserve identifiers to user positions.
  mapping(address user => mapping(uint256 reserveId => UserPosition)) internal _userPositions;

  /// @dev Map of user addresses to their position status.
  mapping(address user => PositionStatus) internal _positionStatus;

  /// @dev Map of reserve identifiers to their Reserve data.
  mapping(uint256 reserveId => Reserve) internal _reserves;

  /// @dev Map of position manager addresses to their configuration data.
  mapping(address positionManager => PositionManagerConfig) internal _positionManager;

  /// @dev Map of reserve identifiers and dynamic configuration keys to the dynamic configuration data.
  mapping(uint256 reserveId => mapping(uint24 dynamicConfigKey => DynamicReserveConfig))
    internal _dynamicConfig;

  /// @dev Liquidation configuration for the Spoke.
  LiquidationConfig internal _liquidationConfig;

  /// @dev Map of hub addresses and asset identifiers to whether the reserve exists.
  mapping(address hub => mapping(uint256 assetId => bool)) internal _reserveExists;

  /// @notice Modifier that checks if the caller is an approved positionManager for `onBehalfOf`.
  modifier onlyPositionManager(address onBehalfOf) {
    require(_isPositionManager({user: onBehalfOf, manager: msg.sender}), Unauthorized());
    _;
  }

  /// @dev Constructor.
  /// @param oracle_ The address of the AaveOracle contract.
  constructor(address oracle_) {
    require(IAaveOracle(oracle_).DECIMALS() == ORACLE_DECIMALS, InvalidOracleDecimals());
    ORACLE = oracle_;
  }

  /// @dev To be overridden by the inheriting Spoke instance contract.
  function initialize(address authority) external virtual;

  /// @inheritdoc ISpoke
  function updateLiquidationConfig(LiquidationConfig calldata config) external restricted {
    require(
      config.targetHealthFactor >= HEALTH_FACTOR_LIQUIDATION_THRESHOLD &&
        config.liquidationBonusFactor <= PercentageMath.PERCENTAGE_FACTOR &&
        config.healthFactorForMaxBonus < HEALTH_FACTOR_LIQUIDATION_THRESHOLD,
      InvalidLiquidationConfig()
    );
    _liquidationConfig = config;
    emit UpdateLiquidationConfig(config);
  }

  /// @inheritdoc ISpoke
  function addReserve(
    address hub,
    uint256 assetId,
    address priceSource,
    ReserveConfig calldata config,
    DynamicReserveConfig calldata dynamicConfig
  ) external restricted returns (uint256) {
    require(hub != address(0), InvalidAddress());
    require(assetId <= MAX_ALLOWED_ASSET_ID, InvalidAssetId());
    require(!_reserveExists[hub][assetId], ReserveExists());

    _validateReserveConfig(config);
    _validateDynamicReserveConfig(dynamicConfig);
    uint256 reserveId = _reserveCount++;
    uint24 dynamicConfigKey; // 0 as first key to use

    (address underlying, uint8 decimals) = IHubBase(hub).getAssetUnderlyingAndDecimals(assetId);
    require(underlying != address(0), AssetNotListed());

    _updateReservePriceSource(reserveId, priceSource);

    _reserves[reserveId] = Reserve({
      underlying: underlying,
      hub: IHubBase(hub),
      assetId: assetId.toUint16(),
      decimals: decimals,
      dynamicConfigKey: dynamicConfigKey,
      collateralRisk: config.collateralRisk,
      flags: ReserveFlagsMap.create({
        initPaused: config.paused,
        initFrozen: config.frozen,
        initBorrowable: config.borrowable,
        initLiquidatable: config.liquidatable,
        initReceiveSharesEnabled: config.receiveSharesEnabled
      })
    });
    _dynamicConfig[reserveId][dynamicConfigKey] = dynamicConfig;
    _reserveExists[hub][assetId] = true;

    emit AddReserve(reserveId, assetId, hub);
    emit UpdateReserveConfig(reserveId, config);
    emit AddDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicConfig);

    return reserveId;
  }

  /// @inheritdoc ISpoke
  function updateReserveConfig(
    uint256 reserveId,
    ReserveConfig calldata config
  ) external restricted {
    Reserve storage reserve = _getReserve(reserveId);
    _validateReserveConfig(config);
    reserve.collateralRisk = config.collateralRisk;
    reserve.flags = ReserveFlagsMap.create({
      initPaused: config.paused,
      initFrozen: config.frozen,
      initBorrowable: config.borrowable,
      initLiquidatable: config.liquidatable,
      initReceiveSharesEnabled: config.receiveSharesEnabled
    });
    emit UpdateReserveConfig(reserveId, config);
  }

  /// @inheritdoc ISpoke
  function updateReservePriceSource(uint256 reserveId, address priceSource) external restricted {
    require(reserveId < _reserveCount, ReserveNotListed());
    _updateReservePriceSource(reserveId, priceSource);
  }

  /// @inheritdoc ISpoke
  function addDynamicReserveConfig(
    uint256 reserveId,
    DynamicReserveConfig calldata dynamicConfig
  ) external restricted returns (uint24) {
    require(reserveId < _reserveCount, ReserveNotListed());
    uint24 dynamicConfigKey = _reserves[reserveId].dynamicConfigKey;
    require(dynamicConfigKey < MAX_ALLOWED_DYNAMIC_CONFIG_KEY, MaximumDynamicConfigKeyReached());
    _validateDynamicReserveConfig(dynamicConfig);
    dynamicConfigKey = dynamicConfigKey.uncheckedAdd(1).toUint24();
    _reserves[reserveId].dynamicConfigKey = dynamicConfigKey;
    _dynamicConfig[reserveId][dynamicConfigKey] = dynamicConfig;
    emit AddDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicConfig);
    return dynamicConfigKey;
  }

  /// @inheritdoc ISpoke
  function updateDynamicReserveConfig(
    uint256 reserveId,
    uint24 dynamicConfigKey,
    DynamicReserveConfig calldata dynamicConfig
  ) external restricted {
    require(reserveId < _reserveCount, ReserveNotListed());
    _validateUpdateDynamicReserveConfig(_dynamicConfig[reserveId][dynamicConfigKey], dynamicConfig);
    _dynamicConfig[reserveId][dynamicConfigKey] = dynamicConfig;
    emit UpdateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicConfig);
  }

  /// @inheritdoc ISpoke
  function updatePositionManager(address positionManager, bool active) external restricted {
    _positionManager[positionManager].active = active;
    emit UpdatePositionManager(positionManager, active);
  }

  /// @inheritdoc ISpokeBase
  function supply(
    uint256 reserveId,
    uint256 amount,
    address onBehalfOf
  ) external onlyPositionManager(onBehalfOf) returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[onBehalfOf][reserveId];
    _validateSupply(reserve.flags);

    IERC20(reserve.underlying).safeTransferFrom(msg.sender, address(reserve.hub), amount);
    uint256 suppliedShares = reserve.hub.add(reserve.assetId, amount);
    userPosition.suppliedShares += suppliedShares.toUint120();

    emit Supply(reserveId, msg.sender, onBehalfOf, suppliedShares, amount);

    return (suppliedShares, amount);
  }

  /// @inheritdoc ISpokeBase
  function withdraw(
    uint256 reserveId,
    uint256 amount,
    address onBehalfOf
  ) external onlyPositionManager(onBehalfOf) returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[onBehalfOf][reserveId];
    _validateWithdraw(reserve.flags);
    IHubBase hub = reserve.hub;
    uint256 assetId = reserve.assetId;

    uint256 withdrawnAmount = MathUtils.min(
      amount,
      hub.previewRemoveByShares(assetId, userPosition.suppliedShares)
    );
    uint256 withdrawnShares = hub.remove(assetId, withdrawnAmount, msg.sender);

    userPosition.suppliedShares -= withdrawnShares.toUint120();

    if (_positionStatus[onBehalfOf].isUsingAsCollateral(reserveId)) {
      uint256 newRiskPremium = _refreshAndValidateUserAccountData(onBehalfOf).riskPremium;
      _notifyRiskPremiumUpdate(onBehalfOf, newRiskPremium);
    }

    emit Withdraw(reserveId, msg.sender, onBehalfOf, withdrawnShares, withdrawnAmount);

    return (withdrawnShares, withdrawnAmount);
  }

  /// @inheritdoc ISpokeBase
  function borrow(
    uint256 reserveId,
    uint256 amount,
    address onBehalfOf
  ) external onlyPositionManager(onBehalfOf) returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[onBehalfOf][reserveId];
    PositionStatus storage positionStatus = _positionStatus[onBehalfOf];
    _validateBorrow(reserve.flags);
    IHubBase hub = reserve.hub;

    uint256 drawnShares = hub.draw(reserve.assetId, amount, msg.sender);
    userPosition.drawnShares += drawnShares.toUint120();
    if (!positionStatus.isBorrowing(reserveId)) {
      positionStatus.setBorrowing(reserveId, true);
    }

    uint256 newRiskPremium = _refreshAndValidateUserAccountData(onBehalfOf).riskPremium;
    _notifyRiskPremiumUpdate(onBehalfOf, newRiskPremium);

    emit Borrow(reserveId, msg.sender, onBehalfOf, drawnShares, amount);

    return (drawnShares, amount);
  }

  /// @inheritdoc ISpokeBase
  function repay(
    uint256 reserveId,
    uint256 amount,
    address onBehalfOf
  ) external onlyPositionManager(onBehalfOf) returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[onBehalfOf][reserveId];
    _validateRepay(reserve.flags);

    uint256 drawnIndex = reserve.hub.getAssetDrawnIndex(reserve.assetId);
    (uint256 drawnDebtRestored, uint256 premiumDebtRayRestored) = userPosition
      .calculateRestoreAmount(drawnIndex, amount);
    uint256 restoredShares = drawnDebtRestored.rayDivDown(drawnIndex);

    IHubBase.PremiumDelta memory premiumDelta = userPosition.getPremiumDelta({
      drawnSharesTaken: restoredShares,
      drawnIndex: drawnIndex,
      riskPremium: _positionStatus[onBehalfOf].riskPremium,
      restoredPremiumRay: premiumDebtRayRestored
    });

    uint256 totalDebtRestored = drawnDebtRestored + premiumDebtRayRestored.fromRayUp();
    IERC20(reserve.underlying).safeTransferFrom(
      msg.sender,
      address(reserve.hub),
      totalDebtRestored
    );
    reserve.hub.restore(reserve.assetId, drawnDebtRestored, premiumDelta);

    userPosition.applyPremiumDelta(premiumDelta);
    userPosition.drawnShares -= restoredShares.toUint120();
    if (userPosition.drawnShares == 0) {
      PositionStatus storage positionStatus = _positionStatus[onBehalfOf];
      positionStatus.setBorrowing(reserveId, false);
    }

    emit Repay(reserveId, msg.sender, onBehalfOf, restoredShares, totalDebtRestored, premiumDelta);

    return (restoredShares, totalDebtRestored);
  }

  /// @inheritdoc ISpokeBase
  function liquidationCall(
    uint256 collateralReserveId,
    uint256 debtReserveId,
    address user,
    uint256 debtToCover,
    bool receiveShares
  ) external {
    Reserve storage collateralReserve = _getReserve(collateralReserveId);
    Reserve storage debtReserve = _getReserve(debtReserveId);
    DynamicReserveConfig storage collateralDynConfig = _dynamicConfig[collateralReserveId][
      _userPositions[user][collateralReserveId].dynamicConfigKey
    ];
    UserAccountData memory userAccountData = _calculateUserAccountData(user);

    uint256 drawnIndex = debtReserve.hub.getAssetDrawnIndex(debtReserve.assetId);
    (uint256 drawnDebt, uint256 premiumDebtRay) = _userPositions[user][debtReserveId].getDebt(
      drawnIndex
    );

    LiquidationLogic.LiquidateUserParams memory params = LiquidationLogic.LiquidateUserParams({
      collateralReserveId: collateralReserveId,
      debtReserveId: debtReserveId,
      oracle: ORACLE,
      user: user,
      debtToCover: debtToCover,
      healthFactor: userAccountData.healthFactor,
      drawnDebt: drawnDebt,
      premiumDebtRay: premiumDebtRay,
      drawnIndex: drawnIndex,
      totalDebtValue: userAccountData.totalDebtValue,
      activeCollateralCount: userAccountData.activeCollateralCount,
      borrowedCount: userAccountData.borrowedCount,
      liquidator: msg.sender,
      receiveShares: receiveShares
    });

    bool isUserInDeficit = LiquidationLogic.liquidateUser(
      collateralReserve,
      debtReserve,
      _userPositions,
      _positionStatus,
      _liquidationConfig,
      collateralDynConfig,
      params
    );

    uint256 newRiskPremium = 0;
    if (isUserInDeficit) {
      _reportDeficit(user);
    } else {
      newRiskPremium = _calculateUserAccountData(user).riskPremium;
    }
    _notifyRiskPremiumUpdate(user, newRiskPremium);
  }

  /// @inheritdoc ISpoke
  function setUsingAsCollateral(
    uint256 reserveId,
    bool usingAsCollateral,
    address onBehalfOf
  ) external onlyPositionManager(onBehalfOf) {
    _validateSetUsingAsCollateral(_getReserve(reserveId).flags, usingAsCollateral);
    PositionStatus storage positionStatus = _positionStatus[onBehalfOf];

    if (positionStatus.isUsingAsCollateral(reserveId) == usingAsCollateral) {
      return;
    }
    positionStatus.setUsingAsCollateral(reserveId, usingAsCollateral);

    if (usingAsCollateral) {
      _refreshDynamicConfig(onBehalfOf, reserveId);
    } else {
      uint256 newRiskPremium = _refreshAndValidateUserAccountData(onBehalfOf).riskPremium;
      _notifyRiskPremiumUpdate(onBehalfOf, newRiskPremium);
    }

    emit SetUsingAsCollateral(reserveId, msg.sender, onBehalfOf, usingAsCollateral);
  }

  /// @inheritdoc ISpoke
  function updateUserRiskPremium(address onBehalfOf) external {
    if (!_isPositionManager({user: onBehalfOf, manager: msg.sender})) {
      _checkCanCall(msg.sender, msg.data);
    }
    uint256 newRiskPremium = _calculateUserAccountData(onBehalfOf).riskPremium;
    _notifyRiskPremiumUpdate(onBehalfOf, newRiskPremium);
  }

  /// @inheritdoc ISpoke
  function updateUserDynamicConfig(address onBehalfOf) external {
    if (!_isPositionManager({user: onBehalfOf, manager: msg.sender})) {
      _checkCanCall(msg.sender, msg.data);
    }
    uint256 newRiskPremium = _refreshAndValidateUserAccountData(onBehalfOf).riskPremium;
    _notifyRiskPremiumUpdate(onBehalfOf, newRiskPremium);
  }

  /// @inheritdoc ISpoke
  function setUserPositionManager(address positionManager, bool approve) external {
    _setUserPositionManager({positionManager: positionManager, user: msg.sender, approve: approve});
  }

  /// @inheritdoc ISpoke
  function setUserPositionManagerWithSig(
    address positionManager,
    address user,
    bool approve,
    uint256 nonce,
    uint256 deadline,
    bytes calldata signature
  ) external {
    require(block.timestamp <= deadline, InvalidSignature());
    bytes32 digest = _hashTypedData(
      keccak256(
        abi.encode(
          SET_USER_POSITION_MANAGER_TYPEHASH,
          positionManager,
          user,
          approve,
          nonce,
          deadline
        )
      )
    );
    require(SignatureChecker.isValidSignatureNow(user, digest, signature), InvalidSignature());
    _useCheckedNonce(user, nonce);
    _setUserPositionManager({positionManager: positionManager, user: user, approve: approve});
  }

  /// @inheritdoc ISpoke
  function renouncePositionManagerRole(address onBehalfOf) external {
    if (!_positionManager[msg.sender].approval[onBehalfOf]) {
      return;
    }
    _positionManager[msg.sender].approval[onBehalfOf] = false;
    emit SetUserPositionManager(onBehalfOf, msg.sender, false);
  }

  /// @inheritdoc ISpoke
  function permitReserve(
    uint256 reserveId,
    address onBehalfOf,
    uint256 value,
    uint256 deadline,
    uint8 permitV,
    bytes32 permitR,
    bytes32 permitS
  ) external {
    Reserve storage reserve = _reserves[reserveId];
    address underlying = reserve.underlying;
    require(underlying != address(0), ReserveNotListed());
    try
      IERC20Permit(underlying).permit({
        owner: onBehalfOf,
        spender: address(this),
        value: value,
        deadline: deadline,
        v: permitV,
        r: permitR,
        s: permitS
      })
    {} catch {}
  }

  /// @inheritdoc ISpoke
  function getLiquidationConfig() external view returns (LiquidationConfig memory) {
    return _liquidationConfig;
  }

  /// @inheritdoc ISpoke
  function getReserveCount() external view returns (uint256) {
    return _reserveCount;
  }

  /// @inheritdoc ISpokeBase
  function getReserveSuppliedAssets(uint256 reserveId) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    return reserve.hub.getSpokeAddedAssets(reserve.assetId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function getReserveSuppliedShares(uint256 reserveId) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    return reserve.hub.getSpokeAddedShares(reserve.assetId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function getReserveDebt(uint256 reserveId) external view returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    return reserve.hub.getSpokeOwed(reserve.assetId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function getReserveTotalDebt(uint256 reserveId) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    return reserve.hub.getSpokeTotalOwed(reserve.assetId, address(this));
  }

  /// @inheritdoc ISpoke
  function getReserve(uint256 reserveId) external view returns (Reserve memory) {
    return _getReserve(reserveId);
  }

  /// @inheritdoc ISpoke
  function getReserveConfig(uint256 reserveId) external view returns (ReserveConfig memory) {
    Reserve storage reserve = _getReserve(reserveId);
    return
      ReserveConfig({
        collateralRisk: reserve.collateralRisk,
        paused: reserve.flags.paused(),
        frozen: reserve.flags.frozen(),
        borrowable: reserve.flags.borrowable(),
        liquidatable: reserve.flags.liquidatable(),
        receiveSharesEnabled: reserve.flags.receiveSharesEnabled()
      });
  }

  /// @inheritdoc ISpoke
  function getDynamicReserveConfig(
    uint256 reserveId,
    uint24 dynamicConfigKey
  ) external view returns (DynamicReserveConfig memory) {
    _getReserve(reserveId);
    return _dynamicConfig[reserveId][dynamicConfigKey];
  }

  /// @inheritdoc ISpoke
  function getUserReserveStatus(
    uint256 reserveId,
    address user
  ) external view returns (bool, bool) {
    _getReserve(reserveId);
    PositionStatus storage positionStatus = _positionStatus[user];
    return (positionStatus.isUsingAsCollateral(reserveId), positionStatus.isBorrowing(reserveId));
  }

  /// @inheritdoc ISpokeBase
  function getUserSuppliedAssets(uint256 reserveId, address user) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    return
      reserve.hub.previewRemoveByShares(
        reserve.assetId,
        _userPositions[user][reserveId].suppliedShares
      );
  }

  /// @inheritdoc ISpokeBase
  function getUserSuppliedShares(uint256 reserveId, address user) external view returns (uint256) {
    _getReserve(reserveId);
    return _userPositions[user][reserveId].suppliedShares;
  }

  /// @inheritdoc ISpokeBase
  function getUserDebt(uint256 reserveId, address user) external view returns (uint256, uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[user][reserveId];
    (uint256 drawnDebt, uint256 premiumDebtRay) = userPosition.getDebt(
      reserve.hub,
      reserve.assetId
    );
    return (drawnDebt, premiumDebtRay.fromRayUp());
  }

  /// @inheritdoc ISpokeBase
  function getUserTotalDebt(uint256 reserveId, address user) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[user][reserveId];
    (uint256 drawnDebt, uint256 premiumDebtRay) = userPosition.getDebt(
      reserve.hub,
      reserve.assetId
    );
    return (drawnDebt + premiumDebtRay.fromRayUp());
  }

  /// @inheritdoc ISpokeBase
  function getUserPremiumDebtRay(uint256 reserveId, address user) external view returns (uint256) {
    Reserve storage reserve = _getReserve(reserveId);
    UserPosition storage userPosition = _userPositions[user][reserveId];
    (, uint256 premiumDebtRay) = userPosition.getDebt(reserve.hub, reserve.assetId);
    return premiumDebtRay;
  }

  /// @inheritdoc ISpoke
  function getUserPosition(
    uint256 reserveId,
    address user
  ) external view returns (UserPosition memory) {
    _getReserve(reserveId);
    return _userPositions[user][reserveId];
  }

  /// @inheritdoc ISpoke
  function getUserLastRiskPremium(address user) external view returns (uint256) {
    return _positionStatus[user].riskPremium;
  }

  /// @inheritdoc ISpoke
  function getUserAccountData(address user) external view returns (UserAccountData memory) {
    // SAFETY: function does not modify state when `refreshConfig` is false.
    return _castToView(_processUserAccountData)(user, false);
  }

  /// @inheritdoc ISpoke
  function getLiquidationBonus(
    uint256 reserveId,
    address user,
    uint256 healthFactor
  ) external view returns (uint256) {
    _getReserve(reserveId);
    return
      LiquidationLogic.calculateLiquidationBonus({
        healthFactorForMaxBonus: _liquidationConfig.healthFactorForMaxBonus,
        liquidationBonusFactor: _liquidationConfig.liquidationBonusFactor,
        healthFactor: healthFactor,
        maxLiquidationBonus: _dynamicConfig[reserveId][
          _userPositions[user][reserveId].dynamicConfigKey
        ].maxLiquidationBonus
      });
  }

  /// @inheritdoc ISpoke
  function isPositionManagerActive(address positionManager) external view returns (bool) {
    return _positionManager[positionManager].active;
  }

  /// @inheritdoc ISpoke
  function isPositionManager(address user, address positionManager) external view returns (bool) {
    return _isPositionManager(user, positionManager);
  }

  /// @inheritdoc ISpoke
  function DOMAIN_SEPARATOR() external view returns (bytes32) {
    return _domainSeparator();
  }

  /// @inheritdoc ISpoke
  function getLiquidationLogic() external pure returns (address) {
    return address(LiquidationLogic);
  }

  function _updateReservePriceSource(uint256 reserveId, address priceSource) internal {
    require(priceSource != address(0), InvalidAddress());
    IAaveOracle(ORACLE).setReserveSource(reserveId, priceSource);
    emit UpdateReservePriceSource(reserveId, priceSource);
  }

  function _setUserPositionManager(address positionManager, address user, bool approve) internal {
    PositionManagerConfig storage config = _positionManager[positionManager];
    // only allow approval when position manager is active for improved UX
    require(!approve || config.active, InactivePositionManager());
    config.approval[user] = approve;
    emit SetUserPositionManager(user, positionManager, approve);
  }

  /// @notice Calculates and validates the user account data.
  /// @dev It refreshes the dynamic config before calculation.
  /// @dev It checks that the health factor is above the liquidation threshold.
  function _refreshAndValidateUserAccountData(
    address user
  ) internal returns (UserAccountData memory) {
    UserAccountData memory accountData = _processUserAccountData(user, true);
    emit RefreshAllUserDynamicConfig(user);
    require(
      accountData.healthFactor >= HEALTH_FACTOR_LIQUIDATION_THRESHOLD,
      HealthFactorBelowThreshold()
    );
    return accountData;
  }

  /// @notice Calculates the user account data with the current user dynamic config.
  function _calculateUserAccountData(address user) internal returns (UserAccountData memory) {
    return _processUserAccountData(user, false); // does not modify state
  }

  /// @notice Process the user account data and updates dynamic config of the user if `refreshConfig` is true.
  function _processUserAccountData(
    address user,
    bool refreshConfig
  ) internal returns (UserAccountData memory accountData) {
    PositionStatus storage positionStatus = _positionStatus[user];

    uint256 reserveId = _reserveCount;
    KeyValueList.List memory collateralInfo = KeyValueList.init(
      positionStatus.collateralCount(reserveId)
    );
    bool borrowing;
    bool collateral;
    while (true) {
      (reserveId, borrowing, collateral) = positionStatus.next(reserveId);
      if (reserveId == PositionStatusMap.NOT_FOUND) break;

      UserPosition storage userPosition = _userPositions[user][reserveId];
      Reserve storage reserve = _reserves[reserveId];

      uint256 assetPrice = IAaveOracle(ORACLE).getReservePrice(reserveId);
      uint256 assetUnit = MathUtils.uncheckedExp(10, reserve.decimals);

      if (collateral) {
        uint256 collateralFactor = _dynamicConfig[reserveId][
          refreshConfig
            ? (userPosition.dynamicConfigKey = reserve.dynamicConfigKey)
            : userPosition.dynamicConfigKey
        ].collateralFactor;
        if (collateralFactor > 0) {
          uint256 suppliedShares = userPosition.suppliedShares;
          if (suppliedShares > 0) {
            // cannot round down to zero
            uint256 userCollateralValue = (reserve.hub.previewRemoveByShares(
              reserve.assetId,
              suppliedShares
            ) * assetPrice).wadDivDown(assetUnit);
            accountData.totalCollateralValue += userCollateralValue;
            collateralInfo.add(
              accountData.activeCollateralCount,
              reserve.collateralRisk,
              userCollateralValue
            );
            accountData.avgCollateralFactor += collateralFactor * userCollateralValue;
            accountData.activeCollateralCount = accountData.activeCollateralCount.uncheckedAdd(1);
          }
        }
      }

      if (borrowing) {
        (uint256 drawnDebt, uint256 premiumDebtRay) = userPosition.getDebt(
          reserve.hub,
          reserve.assetId
        );
        // we can simplify since there is no precision loss due to the division here
        accountData.totalDebtValue += ((drawnDebt + premiumDebtRay.fromRayUp()) * assetPrice)
          .wadDivUp(assetUnit);
        accountData.borrowedCount = accountData.borrowedCount.uncheckedAdd(1);
      }
    }

    if (accountData.totalDebtValue > 0) {
      // at this point, `avgCollateralFactor` is the collateral-weighted sum (scaled by `collateralFactor` in BPS)
      // health factor uses this directly for simplicity
      // the division by `totalCollateralValue` to compute the weighted average is done later
      accountData.healthFactor = accountData
        .avgCollateralFactor
        .wadDivDown(accountData.totalDebtValue)
        .fromBpsDown();
    } else {
      accountData.healthFactor = type(uint256).max;
    }

    if (accountData.totalCollateralValue > 0) {
      accountData.avgCollateralFactor = accountData
        .avgCollateralFactor
        .wadDivDown(accountData.totalCollateralValue)
        .fromBpsDown();
    }

    // sort by collateral risk in ASC, collateral value in DESC
    collateralInfo.sortByKey();

    // runs until either the collateral or debt is exhausted
    uint256 debtValueLeftToCover = accountData.totalDebtValue;

    for (uint256 index = 0; index < collateralInfo.length(); ++index) {
      if (debtValueLeftToCover == 0) {
        break;
      }

      (uint256 collateralRisk, uint256 userCollateralValue) = collateralInfo.get(index);
      userCollateralValue = userCollateralValue.min(debtValueLeftToCover);
      accountData.riskPremium += userCollateralValue * collateralRisk;
      debtValueLeftToCover = debtValueLeftToCover.uncheckedSub(userCollateralValue);
    }

    if (debtValueLeftToCover < accountData.totalDebtValue) {
      accountData.riskPremium /= accountData.totalDebtValue.uncheckedSub(debtValueLeftToCover);
    }

    return accountData;
  }

  function _refreshDynamicConfig(address user, uint256 reserveId) internal {
    _userPositions[user][reserveId].dynamicConfigKey = _reserves[reserveId].dynamicConfigKey;
    emit RefreshSingleUserDynamicConfig(user, reserveId);
  }

  /// @notice Refreshes premium for borrowed reserves of `user` with `newRiskPremium`.
  /// @dev Skips the refresh if the user risk premium remains zero.
  function _notifyRiskPremiumUpdate(address user, uint256 newRiskPremium) internal {
    PositionStatus storage positionStatus = _positionStatus[user];
    if (newRiskPremium == 0 && positionStatus.riskPremium == 0) {
      return;
    }
    positionStatus.riskPremium = newRiskPremium.toUint24();

    uint256 reserveId = _reserveCount;
    while ((reserveId = positionStatus.nextBorrowing(reserveId)) != PositionStatusMap.NOT_FOUND) {
      UserPosition storage userPosition = _userPositions[user][reserveId];
      Reserve storage reserve = _reserves[reserveId];
      uint256 assetId = reserve.assetId;
      IHubBase hub = reserve.hub;

      IHubBase.PremiumDelta memory premiumDelta = userPosition.getPremiumDelta({
        drawnSharesTaken: 0,
        drawnIndex: hub.getAssetDrawnIndex(assetId),
        riskPremium: newRiskPremium,
        restoredPremiumRay: 0
      });

      hub.refreshPremium(assetId, premiumDelta);
      userPosition.applyPremiumDelta(premiumDelta);
      emit RefreshPremiumDebt(reserveId, user, premiumDelta);
    }
    emit UpdateUserRiskPremium(user, newRiskPremium);
  }

  /// @notice Reports deficits for all debt reserves of the user, including the reserve being repaid during liquidation.
  /// @dev Deficit validation should already have occurred during liquidation.
  /// @dev It clears the user position, setting drawn debt, premium debt, and risk premium to zero.
  function _reportDeficit(address user) internal {
    PositionStatus storage positionStatus = _positionStatus[user];

    uint256 reserveId = _reserveCount;
    while ((reserveId = positionStatus.nextBorrowing(reserveId)) != PositionStatusMap.NOT_FOUND) {
      UserPosition storage userPosition = _userPositions[user][reserveId];
      Reserve storage reserve = _reserves[reserveId];
      IHubBase hub = reserve.hub;
      uint256 assetId = reserve.assetId;

      uint256 drawnIndex = hub.getAssetDrawnIndex(assetId);
      (uint256 drawnDebtReported, uint256 premiumDebtRay) = userPosition.getDebt(drawnIndex);
      uint256 deficitShares = drawnDebtReported.rayDivDown(drawnIndex);

      IHubBase.PremiumDelta memory premiumDelta = userPosition.getPremiumDelta({
        drawnSharesTaken: deficitShares,
        drawnIndex: drawnIndex,
        riskPremium: 0,
        restoredPremiumRay: premiumDebtRay
      });

      hub.reportDeficit(assetId, drawnDebtReported, premiumDelta);
      userPosition.applyPremiumDelta(premiumDelta);
      userPosition.drawnShares -= deficitShares.toUint120();
      positionStatus.setBorrowing(reserveId, false);

      emit ReportDeficit(reserveId, user, deficitShares, premiumDelta);
    }
  }

  function _getReserve(uint256 reserveId) internal view returns (Reserve storage) {
    Reserve storage reserve = _reserves[reserveId];
    require(address(reserve.hub) != address(0), ReserveNotListed());
    return reserve;
  }

  /// @dev CollateralFactor of historical config keys cannot be 0, which allows liquidations to proceed.
  function _validateUpdateDynamicReserveConfig(
    DynamicReserveConfig storage currentConfig,
    DynamicReserveConfig calldata newConfig
  ) internal view {
    // sufficient check since maxLiquidationBonus is always >= 100_00
    require(currentConfig.maxLiquidationBonus > 0, ConfigKeyUninitialized());
    require(newConfig.collateralFactor > 0, InvalidCollateralFactor());
    _validateDynamicReserveConfig(newConfig);
  }

  function _validateSupply(ReserveFlags flags) internal pure {
    require(!flags.paused(), ReservePaused());
    require(!flags.frozen(), ReserveFrozen());
  }

  function _validateWithdraw(ReserveFlags flags) internal pure {
    require(!flags.paused(), ReservePaused());
  }

  function _validateBorrow(ReserveFlags flags) internal pure {
    require(!flags.paused(), ReservePaused());
    require(!flags.frozen(), ReserveFrozen());
    require(flags.borrowable(), ReserveNotBorrowable());
    // health factor is checked at the end of borrow action
  }

  function _validateRepay(ReserveFlags flags) internal pure {
    require(!flags.paused(), ReservePaused());
  }

  function _validateSetUsingAsCollateral(ReserveFlags flags, bool usingAsCollateral) internal pure {
    require(!flags.paused(), ReservePaused());
    // can disable as collateral if the reserve is frozen
    require(!usingAsCollateral || !flags.frozen(), ReserveFrozen());
  }

  /// @notice Returns whether `manager` is active & approved positionManager for `user`.
  function _isPositionManager(address user, address manager) internal view returns (bool) {
    if (user == manager) return true;
    PositionManagerConfig storage config = _positionManager[manager];
    return config.active && config.approval[user];
  }

  function _validateReserveConfig(ReserveConfig calldata config) internal pure {
    require(config.collateralRisk <= MAX_ALLOWED_COLLATERAL_RISK, InvalidCollateralRisk());
  }

  /// @dev Enforces compatible `maxLiquidationBonus` and `collateralFactor` so at the moment debt is created
  /// there is enough collateral to cover liquidation.
  function _validateDynamicReserveConfig(DynamicReserveConfig calldata config) internal pure {
    require(
      config.collateralFactor < PercentageMath.PERCENTAGE_FACTOR &&
        config.maxLiquidationBonus >= PercentageMath.PERCENTAGE_FACTOR &&
        config.maxLiquidationBonus.percentMulUp(config.collateralFactor) <
        PercentageMath.PERCENTAGE_FACTOR,
      InvalidCollateralFactorAndMaxLiquidationBonus()
    );
    require(config.liquidationFee <= PercentageMath.PERCENTAGE_FACTOR, InvalidLiquidationFee());
  }

  function _domainNameAndVersion() internal pure override returns (string memory, string memory) {
    return ('Spoke', '1');
  }

  function _castToView(
    function(address, bool) internal returns (UserAccountData memory) fnIn
  )
    internal
    pure
    returns (function(address, bool) internal view returns (UserAccountData memory) fnOut)
  {
    assembly ('memory-safe') {
      fnOut := fnIn
    }
  }
}

0% src/spoke/SpokeConfigurator.sol

Lines covered: 0 / 128 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {Ownable2Step, Ownable} from 'src/dependencies/openzeppelin/Ownable2Step.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';
import {ISpokeConfigurator} from 'src/spoke/interfaces/ISpokeConfigurator.sol';

/// @title SpokeConfigurator
/// @author Aave Labs
/// @notice Handles administrative functions on the spoke.
/// @dev Must be granted permission by the spoke.
contract SpokeConfigurator is Ownable2Step, ISpokeConfigurator {
  using SafeCast for uint256;

  mapping(address spoke => uint256) internal _maxReserves;

  /// @dev Constructor.
  /// @param owner_ The address of the owner.
  constructor(address owner_) Ownable(owner_) {}

  /// @inheritdoc ISpokeConfigurator
  function updateReservePriceSource(
    address spoke,
    uint256 reserveId,
    address priceSource
  ) external onlyOwner {
    ISpoke(spoke).updateReservePriceSource(reserveId, priceSource);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateLiquidationTargetHealthFactor(
    address spoke,
    uint256 targetHealthFactor
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.LiquidationConfig memory liquidationConfig = targetSpoke.getLiquidationConfig();
    liquidationConfig.targetHealthFactor = targetHealthFactor.toUint128();
    targetSpoke.updateLiquidationConfig(liquidationConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateHealthFactorForMaxBonus(
    address spoke,
    uint256 healthFactorForMaxBonus
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.LiquidationConfig memory liquidationConfig = targetSpoke.getLiquidationConfig();
    liquidationConfig.healthFactorForMaxBonus = healthFactorForMaxBonus.toUint64();
    targetSpoke.updateLiquidationConfig(liquidationConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateLiquidationBonusFactor(
    address spoke,
    uint256 liquidationBonusFactor
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.LiquidationConfig memory liquidationConfig = targetSpoke.getLiquidationConfig();
    liquidationConfig.liquidationBonusFactor = liquidationBonusFactor.toUint16();
    targetSpoke.updateLiquidationConfig(liquidationConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateLiquidationConfig(
    address spoke,
    ISpoke.LiquidationConfig calldata liquidationConfig
  ) external onlyOwner {
    ISpoke(spoke).updateLiquidationConfig(liquidationConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateMaxReserves(address spoke, uint256 maxReserves) external onlyOwner {
    _maxReserves[spoke] = maxReserves;
    emit UpdateMaxReserves(spoke, maxReserves);
  }

  /// @inheritdoc ISpokeConfigurator
  function addReserve(
    address spoke,
    address hub,
    uint256 assetId,
    address priceSource,
    ISpoke.ReserveConfig calldata config,
    ISpoke.DynamicReserveConfig calldata dynamicConfig
  ) external onlyOwner returns (uint256) {
    require(
      ISpoke(spoke).getReserveCount() < _maxReserves[spoke],
      MaximumReservesReached(spoke, _maxReserves[spoke])
    );
    return ISpoke(spoke).addReserve(hub, assetId, priceSource, config, dynamicConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updatePaused(address spoke, uint256 reserveId, bool paused) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.paused = paused;
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateFrozen(address spoke, uint256 reserveId, bool frozen) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.frozen = frozen;
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateBorrowable(address spoke, uint256 reserveId, bool borrowable) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.borrowable = borrowable;
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateLiquidatable(
    address spoke,
    uint256 reserveId,
    bool liquidatable
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.liquidatable = liquidatable;
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateReceiveSharesEnabled(
    address spoke,
    uint256 reserveId,
    bool receiveSharesEnabled
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.receiveSharesEnabled = receiveSharesEnabled;
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateCollateralRisk(
    address spoke,
    uint256 reserveId,
    uint256 collateralRisk
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
    reserveConfig.collateralRisk = collateralRisk.toUint24();
    targetSpoke.updateReserveConfig(reserveId, reserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function addCollateralFactor(
    address spoke,
    uint256 reserveId,
    uint16 collateralFactor
  ) external onlyOwner returns (uint24) {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      _getReserveLastDynamicConfigKey(spoke, reserveId)
    );
    dynamicReserveConfig.collateralFactor = collateralFactor;
    return targetSpoke.addDynamicReserveConfig(reserveId, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateCollateralFactor(
    address spoke,
    uint256 reserveId,
    uint24 dynamicConfigKey,
    uint16 collateralFactor
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      dynamicConfigKey
    );
    dynamicReserveConfig.collateralFactor = collateralFactor;
    targetSpoke.updateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function addMaxLiquidationBonus(
    address spoke,
    uint256 reserveId,
    uint256 maxLiquidationBonus
  ) external onlyOwner returns (uint24) {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      _getReserveLastDynamicConfigKey(spoke, reserveId)
    );
    dynamicReserveConfig.maxLiquidationBonus = maxLiquidationBonus.toUint32();
    return targetSpoke.addDynamicReserveConfig(reserveId, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateMaxLiquidationBonus(
    address spoke,
    uint256 reserveId,
    uint24 dynamicConfigKey,
    uint256 maxLiquidationBonus
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      dynamicConfigKey
    );
    dynamicReserveConfig.maxLiquidationBonus = maxLiquidationBonus.toUint32();
    targetSpoke.updateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function addLiquidationFee(
    address spoke,
    uint256 reserveId,
    uint256 liquidationFee
  ) external onlyOwner returns (uint24) {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      _getReserveLastDynamicConfigKey(spoke, reserveId)
    );
    dynamicReserveConfig.liquidationFee = liquidationFee.toUint16();
    return targetSpoke.addDynamicReserveConfig(reserveId, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateLiquidationFee(
    address spoke,
    uint256 reserveId,
    uint24 dynamicConfigKey,
    uint256 liquidationFee
  ) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    ISpoke.DynamicReserveConfig memory dynamicReserveConfig = targetSpoke.getDynamicReserveConfig(
      reserveId,
      dynamicConfigKey
    );
    dynamicReserveConfig.liquidationFee = liquidationFee.toUint16();
    targetSpoke.updateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicReserveConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function addDynamicReserveConfig(
    address spoke,
    uint256 reserveId,
    ISpoke.DynamicReserveConfig calldata dynamicConfig
  ) external onlyOwner returns (uint24) {
    return ISpoke(spoke).addDynamicReserveConfig(reserveId, dynamicConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function updateDynamicReserveConfig(
    address spoke,
    uint256 reserveId,
    uint24 dynamicConfigKey,
    ISpoke.DynamicReserveConfig calldata dynamicConfig
  ) external onlyOwner {
    ISpoke(spoke).updateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicConfig);
  }

  /// @inheritdoc ISpokeConfigurator
  function pauseAllReserves(address spoke) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    uint256 reserveCount = targetSpoke.getReserveCount();
    for (uint256 reserveId = 0; reserveId < reserveCount; ++reserveId) {
      ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
      reserveConfig.paused = true;
      targetSpoke.updateReserveConfig(reserveId, reserveConfig);
    }
  }

  /// @inheritdoc ISpokeConfigurator
  function freezeAllReserves(address spoke) external onlyOwner {
    ISpoke targetSpoke = ISpoke(spoke);
    uint256 reserveCount = targetSpoke.getReserveCount();
    for (uint256 reserveId = 0; reserveId < reserveCount; ++reserveId) {
      ISpoke.ReserveConfig memory reserveConfig = targetSpoke.getReserveConfig(reserveId);
      reserveConfig.frozen = true;
      targetSpoke.updateReserveConfig(reserveId, reserveConfig);
    }
  }

  /// @inheritdoc ISpokeConfigurator
  function updatePositionManager(
    address spoke,
    address positionManager,
    bool active
  ) external onlyOwner {
    ISpoke(spoke).updatePositionManager(positionManager, active);
  }

  /// @inheritdoc ISpokeConfigurator
  function getMaxReserves(address spoke) external view returns (uint256) {
    return _maxReserves[spoke];
  }

  /// @dev Returns the last dynamic config key of the reserve for the specified Spoke.
  function _getReserveLastDynamicConfigKey(
    address spoke,
    uint256 reserveId
  ) internal view returns (uint24) {
    return ISpoke(spoke).getReserve(reserveId).dynamicConfigKey;
  }
}

12% src/spoke/TreasurySpoke.sol

Lines covered: 4 / 32 (12%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {Ownable2Step, Ownable} from 'src/dependencies/openzeppelin/Ownable2Step.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {IHubBase} from 'src/hub/interfaces/IHubBase.sol';
import {ITreasurySpoke, ISpokeBase} from 'src/spoke/interfaces/ITreasurySpoke.sol';

/// @title TreasurySpoke
/// @author Aave Labs
/// @notice Spoke contract used as a treasury where accumulated fees are treated as supplied assets.
/// @dev Dedicated to a single user, controlled exclusively by the owner.
/// @dev Utilizes all assets from the Hub without restrictions, making reserve and asset identifiers aligned.
/// @dev Allows withdraw to claim fees and supply to invest back into the Hub via this dedicated spoke.
contract TreasurySpoke is ITreasurySpoke, Ownable2Step {
  using SafeERC20 for IERC20;

  /// @inheritdoc ITreasurySpoke
  IHubBase public immutable HUB;

  /// @dev Constructor.
  /// @param owner_ The address of the owner.
  /// @param hub_ The address of the Hub.
  constructor(address owner_, address hub_) Ownable(owner_) {
    require(hub_ != address(0), InvalidAddress());

    HUB = IHubBase(hub_);
  }

  /// @inheritdoc ITreasurySpoke
  function supply(
    uint256 reserveId,
    uint256 amount,
    address
  ) external onlyOwner returns (uint256, uint256) {
    (address underlying, ) = HUB.getAssetUnderlyingAndDecimals(reserveId);
    IERC20(underlying).safeTransferFrom(msg.sender, address(HUB), amount);
    uint256 shares = HUB.add(reserveId, amount);

    return (shares, amount);
  }

  /// @inheritdoc ITreasurySpoke
  function withdraw(
    uint256 reserveId,
    uint256 amount,
    address
  ) external onlyOwner returns (uint256, uint256) {
    // if amount to withdraw is greater than total supplied, withdraw all supplied assets
    uint256 withdrawnAmount = MathUtils.min(
      amount,
      HUB.getSpokeAddedAssets(reserveId, address(this))
    );
    uint256 withdrawnShares = HUB.remove(reserveId, withdrawnAmount, msg.sender);

    return (withdrawnShares, withdrawnAmount);
  }

  /// @inheritdoc ITreasurySpoke
  function transfer(address token, address to, uint256 amount) external onlyOwner {
    IERC20(token).safeTransfer(to, amount);
  }

  /// @inheritdoc ITreasurySpoke
  function getSuppliedAmount(uint256 reserveId) external view returns (uint256) {
    return HUB.getSpokeAddedAssets(reserveId, address(this));
  }

  /// @inheritdoc ITreasurySpoke
  function getSuppliedShares(uint256 reserveId) external view returns (uint256) {
    return HUB.getSpokeAddedShares(reserveId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function borrow(uint256, uint256, address) external pure returns (uint256, uint256) {
    revert UnsupportedAction();
  }

  /// @inheritdoc ISpokeBase
  function repay(uint256, uint256, address) external pure returns (uint256, uint256) {
    revert UnsupportedAction();
  }

  /// @inheritdoc ISpokeBase
  function liquidationCall(uint256, uint256, address, uint256, bool) external pure {
    revert UnsupportedAction();
  }

  /// @inheritdoc ISpokeBase
  function getUserDebt(uint256, address) external pure returns (uint256, uint256) {}

  /// @inheritdoc ISpokeBase
  function getUserTotalDebt(uint256, address) external pure returns (uint256) {}

  /// @inheritdoc ISpokeBase
  function getUserPremiumDebtRay(uint256, address) external pure returns (uint256) {}

  /// @inheritdoc ISpokeBase
  function getReserveSuppliedAssets(uint256 reserveId) external view returns (uint256) {
    return HUB.getSpokeAddedAssets(reserveId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function getReserveSuppliedShares(uint256 reserveId) external view returns (uint256) {
    return HUB.getSpokeAddedShares(reserveId, address(this));
  }

  /// @inheritdoc ISpokeBase
  function getUserSuppliedAssets(uint256, address) external pure returns (uint256) {}

  /// @inheritdoc ISpokeBase
  function getUserSuppliedShares(uint256, address) external pure returns (uint256) {}

  /// @inheritdoc ISpokeBase
  function getReserveDebt(uint256) external pure returns (uint256, uint256) {}

  /// @inheritdoc ISpokeBase
  function getReserveTotalDebt(uint256) external pure returns (uint256) {}
}

20% src/spoke/instances/SpokeInstance.sol

Lines covered: 2 / 10 (20%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity 0.8.28;

import {LiquidationLogic} from 'src/spoke/libraries/LiquidationLogic.sol';
import {Spoke} from 'src/spoke/Spoke.sol';

/// @title SpokeInstance
/// @author Aave Labs
/// @notice Implementation contract for the Spoke.
contract SpokeInstance is Spoke {
  uint64 public constant SPOKE_REVISION = 1;

  /// @dev Constructor.
  /// @dev During upgrade, must ensure that the new oracle is supporting existing assets on the spoke and the replaced oracle.
  /// @param oracle_ The address of the oracle.
  constructor(address oracle_) Spoke(oracle_) {
    // @audit FIXME: Remove _disableInitializers to fix echidna coverage https://github.com/crytic/echidna/issues/1116#issuecomment-3596746122
    // _disableInitializers();
  }

  /// @notice Initializer.
  /// @dev The authority contract must implement the `AccessManaged` interface for access control.
  /// @param authority The address of the authority contract which manages permissions.
  function initialize(address authority) external override reinitializer(SPOKE_REVISION) {
    emit UpdateOracle(ORACLE);
    require(authority != address(0), InvalidAddress());
    __AccessManaged_init(authority);
    if (_liquidationConfig.targetHealthFactor == 0) {
      _liquidationConfig.targetHealthFactor = HEALTH_FACTOR_LIQUIDATION_THRESHOLD;
      emit UpdateLiquidationConfig(_liquidationConfig);
    }
  }
}

96% src/spoke/libraries/KeyValueList.sol

Lines covered: 25 / 26 (96%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {Arrays} from 'src/dependencies/openzeppelin/Arrays.sol';

/// @title KeyValueList Library
/// @author Aave Labs
/// @notice Library to pack key-value pairs in a list.
/// @dev The `sortByKey` helper sorts by ascending order of the `key` & in case of collision by descending order of the `value`.
/// @dev This is achieved by sorting the packed `key-value` pair in descending order, but storing the invert of the `key` (ie `_MAX_KEY - key`).
/// @dev Uninitialized keys are returned as (key: 0, value: 0) and are placed at the end of the list after sorting.
library KeyValueList {
  /// @notice Thrown when adding a key which can't be stored in `_KEY_BITS` or value in `_VALUE_BITS`.
  error MaxDataSizeExceeded();

  struct List {
    uint256[] _inner;
  }

  uint256 internal constant _KEY_BITS = 32;
  uint256 internal constant _VALUE_BITS = 224;
  uint256 internal constant _MAX_KEY = (1 << _KEY_BITS) - 1;
  uint256 internal constant _MAX_VALUE = (1 << _VALUE_BITS) - 1;
  uint256 internal constant _KEY_SHIFT = 256 - _KEY_BITS;

  /// @notice Allocates memory for a KeyValue list of `size` elements.
  function init(uint256 size) internal pure returns (List memory) {
    return List(new uint256[](size));
  }

  /// @notice Returns the length of the list.
  function length(List memory self) internal pure returns (uint256) {
    return self._inner.length;
  }

  /// @notice Inserts packed `key`, `value` at `idx`. Reverts if data exceeds maximum allowed size.
  /// @dev Reverts if `key` equals or exceeds the `_MAX_KEY` value and reverts if `value` equals or exceeds the `_MAX_VALUE` value.
  function add(List memory self, uint256 idx, uint256 key, uint256 value) internal pure {
    require(key < _MAX_KEY && value < _MAX_VALUE, MaxDataSizeExceeded());
    self._inner[idx] = pack(key, value);
  }

  /// @notice Returns the key-value pair at the given index.
  /// @dev Uninitialized keys are returned as (key: 0, value: 0).
  function get(List memory self, uint256 idx) internal pure returns (uint256, uint256) {
    return unpack(self._inner[idx]);
  }

  /// @notice Sorts the list in-place by ascending order of `key`, and descending order of `value` on collision.
  /// @dev All uninitialized keys are placed at the end of the list after sorting.
  /// @dev Since `key` is in the MSB, we can sort by the key by sorting the array in descending order
  /// (so the keys are in ascending order when unpacking, due to the inversion when packed).
  function sortByKey(List memory self) internal pure {
    Arrays.sort(self._inner, gtComparator);
  }

  /// @notice Packs a given `key`, `value` pair into a single word.
  /// @dev Bound checks are expected to be done before packing.
  function pack(uint256 key, uint256 value) internal pure returns (uint256) {
    return ((_MAX_KEY - key) << _KEY_SHIFT) | value;
  }

  /// @notice Unpacks `key` from a previously packed word containing `key` and `value`.
  /// @dev The key is stored in the most significant bits of the word.
  function unpackKey(uint256 data) internal pure returns (uint256) {
    return _MAX_KEY - (data >> _KEY_SHIFT);
  }

  /// @notice Unpacks `value` from a previously packed word containing `key` and `value`.
  /// @dev The value is stored in the least significant bits of the word.
  function unpackValue(uint256 data) internal pure returns (uint256) {
    return data & ((1 << _KEY_SHIFT) - 1);
  }

  /// @notice Unpacks both `key` and `value` from a previously packed word containing `key` and `value`.
  /// @dev Uninitialized keys are returned as (key: 0, value: 0).
  /// @param data The packed word containing `key` and `value`.
  function unpack(uint256 data) internal pure returns (uint256, uint256) {
    if (data == 0) return (0, 0);
    return (unpackKey(data), unpackValue(data));
  }

  /// @notice Comparator function performing greater-than comparison.
  /// @return True if `a` is greater than `b`.
  function gtComparator(uint256 a, uint256 b) internal pure returns (bool) {
    return a > b;
  }
}

98% src/spoke/libraries/LiquidationLogic.sol

Lines covered: 218 / 222 (98%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {PositionStatusMap} from 'src/spoke/libraries/PositionStatusMap.sol';
import {UserPositionDebt} from 'src/spoke/libraries/UserPositionDebt.sol';
import {ReserveFlags, ReserveFlagsMap} from 'src/spoke/libraries/ReserveFlagsMap.sol';
import {IHubBase} from 'src/hub/interfaces/IHubBase.sol';
import {IAaveOracle} from 'src/spoke/interfaces/IAaveOracle.sol';
import {ISpoke, ISpokeBase} from 'src/spoke/interfaces/ISpoke.sol';

/// @title LiquidationLogic library
/// @author Aave Labs
/// @notice Implements the logic for liquidations.
library LiquidationLogic {
  using SafeCast for *;
  using SafeERC20 for IERC20;
  using MathUtils for *;
  using PercentageMath for uint256;
  using WadRayMath for uint256;
  using UserPositionDebt for ISpoke.UserPosition;
  using ReserveFlagsMap for ReserveFlags;
  using PositionStatusMap for ISpoke.PositionStatus;

  struct LiquidateUserParams {
    uint256 collateralReserveId;
    uint256 debtReserveId;
    address oracle;
    address user;
    uint256 debtToCover;
    uint256 healthFactor;
    uint256 drawnDebt;
    uint256 premiumDebtRay;
    uint256 drawnIndex;
    uint256 totalDebtValue;
    address liquidator;
    uint256 activeCollateralCount;
    uint256 borrowedCount;
    bool receiveShares;
  }

  struct LiquidateCollateralParams {
    uint256 collateralToLiquidate;
    uint256 collateralToLiquidator;
    address liquidator;
    bool receiveShares;
  }

  struct LiquidateDebtParams {
    uint256 debtReserveId;
    uint256 debtToLiquidate;
    uint256 premiumDebtRay;
    uint256 drawnIndex;
    address liquidator;
  }

  struct ValidateLiquidationCallParams {
    address user;
    address liquidator;
    ReserveFlags collateralReserveFlags;
    ReserveFlags debtReserveFlags;
    uint256 collateralReserveBalance;
    uint256 debtReserveBalance;
    uint256 debtToCover;
    uint256 collateralFactor;
    bool isUsingAsCollateral;
    uint256 healthFactor;
    bool receiveShares;
  }

  struct CalculateDebtToTargetHealthFactorParams {
    uint256 totalDebtValue;
    uint256 debtAssetUnit;
    uint256 debtAssetPrice;
    uint256 collateralFactor;
    uint256 liquidationBonus;
    uint256 healthFactor;
    uint256 targetHealthFactor;
  }

  struct CalculateDebtToLiquidateParams {
    uint256 debtReserveBalance;
    uint256 totalDebtValue;
    uint256 debtAssetUnit;
    uint256 debtAssetPrice;
    uint256 debtToCover;
    uint256 collateralFactor;
    uint256 liquidationBonus;
    uint256 healthFactor;
    uint256 targetHealthFactor;
  }

  struct CalculateLiquidationAmountsParams {
    uint256 collateralReserveBalance;
    uint256 collateralAssetUnit;
    uint256 collateralAssetPrice;
    uint256 debtReserveBalance;
    uint256 totalDebtValue;
    uint256 debtAssetUnit;
    uint256 debtAssetPrice;
    uint256 debtToCover;
    uint256 collateralFactor;
    uint256 healthFactorForMaxBonus;
    uint256 liquidationBonusFactor;
    uint256 maxLiquidationBonus;
    uint256 targetHealthFactor;
    uint256 healthFactor;
    uint256 liquidationFee;
  }

  struct LiquidationAmounts {
    uint256 collateralToLiquidate;
    uint256 collateralToLiquidator;
    uint256 debtToLiquidate;
  }

  // see ISpoke.HEALTH_FACTOR_LIQUIDATION_THRESHOLD docs
  uint64 public constant HEALTH_FACTOR_LIQUIDATION_THRESHOLD = 1e18;

  // see ISpoke.DUST_LIQUIDATION_THRESHOLD docs
  uint256 public constant DUST_LIQUIDATION_THRESHOLD = 1000e26;

  /// @notice Liquidates a user position.
  /// @param collateralReserve The collateral reserve to seize during liquidation.
  /// @param debtReserve The debt reserve to repay during liquidation.
  /// @param positions The mapping of positions per reserve per user.
  /// @param positionStatus The mapping of position status per user.
  /// @param liquidationConfig The liquidation config.
  /// @param collateralDynConfig The collateral dynamic config.
  /// @param params The liquidate user params.
  /// @return True if the liquidation results in deficit.
  function liquidateUser(
    ISpoke.Reserve storage collateralReserve,
    ISpoke.Reserve storage debtReserve,
    mapping(address user => mapping(uint256 reserveId => ISpoke.UserPosition)) storage positions,
    mapping(address user => ISpoke.PositionStatus) storage positionStatus,
    ISpoke.LiquidationConfig storage liquidationConfig,
    ISpoke.DynamicReserveConfig storage collateralDynConfig,
    LiquidateUserParams memory params
  ) external returns (bool) {
    uint256 collateralReserveBalance = collateralReserve.hub.previewRemoveByShares(
      collateralReserve.assetId,
      positions[params.user][params.collateralReserveId].suppliedShares
    );
    _validateLiquidationCall(
      ValidateLiquidationCallParams({
        user: params.user,
        liquidator: params.liquidator,
        collateralReserveFlags: collateralReserve.flags,
        debtReserveFlags: debtReserve.flags,
        collateralReserveBalance: collateralReserveBalance,
        debtReserveBalance: params.drawnDebt + params.premiumDebtRay.fromRayUp(),
        debtToCover: params.debtToCover,
        collateralFactor: collateralDynConfig.collateralFactor,
        isUsingAsCollateral: positionStatus[params.user].isUsingAsCollateral(
          params.collateralReserveId
        ),
        healthFactor: params.healthFactor,
        receiveShares: params.receiveShares
      })
    );

    LiquidationAmounts memory liquidationAmounts = _calculateLiquidationAmounts(
      CalculateLiquidationAmountsParams({
        collateralReserveBalance: collateralReserveBalance,
        collateralAssetUnit: MathUtils.uncheckedExp(10, collateralReserve.decimals),
        collateralAssetPrice: IAaveOracle(params.oracle).getReservePrice(
          params.collateralReserveId
        ),
        debtReserveBalance: params.drawnDebt + params.premiumDebtRay.fromRayUp(),
        totalDebtValue: params.totalDebtValue,
        debtAssetUnit: MathUtils.uncheckedExp(10, debtReserve.decimals),
        debtAssetPrice: IAaveOracle(params.oracle).getReservePrice(params.debtReserveId),
        debtToCover: params.debtToCover,
        collateralFactor: collateralDynConfig.collateralFactor,
        healthFactorForMaxBonus: liquidationConfig.healthFactorForMaxBonus,
        liquidationBonusFactor: liquidationConfig.liquidationBonusFactor,
        maxLiquidationBonus: collateralDynConfig.maxLiquidationBonus,
        targetHealthFactor: liquidationConfig.targetHealthFactor,
        healthFactor: params.healthFactor,
        liquidationFee: collateralDynConfig.liquidationFee
      })
    );

    (
      uint256 collateralSharesToLiquidate,
      uint256 collateralSharesToLiquidator,
      bool isCollateralPositionEmpty
    ) = _liquidateCollateral(
        collateralReserve,
        positions[params.user][params.collateralReserveId],
        positions[params.liquidator][params.collateralReserveId],
        LiquidateCollateralParams({
          collateralToLiquidate: liquidationAmounts.collateralToLiquidate,
          collateralToLiquidator: liquidationAmounts.collateralToLiquidator,
          liquidator: params.liquidator,
          receiveShares: params.receiveShares
        })
      );

    (
      uint256 drawnSharesToLiquidate,
      IHubBase.PremiumDelta memory premiumDelta,
      bool isDebtPositionEmpty
    ) = _liquidateDebt(
        debtReserve,
        positions[params.user][params.debtReserveId],
        positionStatus[params.user],
        LiquidateDebtParams({
          debtReserveId: params.debtReserveId,
          debtToLiquidate: liquidationAmounts.debtToLiquidate,
          premiumDebtRay: params.premiumDebtRay,
          drawnIndex: params.drawnIndex,
          liquidator: params.liquidator
        })
      );

    emit ISpokeBase.LiquidationCall(
      params.collateralReserveId,
      params.debtReserveId,
      params.user,
      params.liquidator,
      params.receiveShares,
      liquidationAmounts.debtToLiquidate,
      drawnSharesToLiquidate,
      premiumDelta,
      liquidationAmounts.collateralToLiquidate,
      collateralSharesToLiquidate,
      collateralSharesToLiquidator
    );

    return
      _evaluateDeficit({
        isCollateralPositionEmpty: isCollateralPositionEmpty,
        isDebtPositionEmpty: isDebtPositionEmpty,
        activeCollateralCount: params.activeCollateralCount,
        borrowedCount: params.borrowedCount
      });
  }

  /// @notice Calculates the liquidation bonus at a given health factor.
  /// @dev Liquidation Bonus is expressed as a BPS value greater than `PercentageMath.PERCENTAGE_FACTOR`.
  /// @param healthFactorForMaxBonus The health factor for max bonus.
  /// @param liquidationBonusFactor The liquidation bonus factor.
  /// @param healthFactor The health factor.
  /// @param maxLiquidationBonus The max liquidation bonus.
  /// @return The liquidation bonus.
  function calculateLiquidationBonus(
    uint256 healthFactorForMaxBonus,
    uint256 liquidationBonusFactor,
    uint256 healthFactor,
    uint256 maxLiquidationBonus
  ) internal pure returns (uint256) {
    if (healthFactor <= healthFactorForMaxBonus) {
      return maxLiquidationBonus;
    }

    uint256 minLiquidationBonus = (maxLiquidationBonus - PercentageMath.PERCENTAGE_FACTOR)
      .percentMulDown(liquidationBonusFactor) + PercentageMath.PERCENTAGE_FACTOR;

    // linear interpolation between min and max
    // denominator cannot be zero as healthFactorForMaxBonus is always < HEALTH_FACTOR_LIQUIDATION_THRESHOLD
    return
      minLiquidationBonus +
      (maxLiquidationBonus - minLiquidationBonus).mulDivDown(
        HEALTH_FACTOR_LIQUIDATION_THRESHOLD - healthFactor,
        HEALTH_FACTOR_LIQUIDATION_THRESHOLD - healthFactorForMaxBonus
      );
  }

  /// @dev Invoked by `liquidateUser` method.
  /// @return The total amount of collateral shares to be liquidated.
  /// @return The amount of collateral shares that the liquidator receives.
  /// @return True if the user collateral position becomes empty after removing.
  function _liquidateCollateral(
    ISpoke.Reserve storage collateralReserve,
    ISpoke.UserPosition storage collateralPosition,
    ISpoke.UserPosition storage liquidatorCollateralPosition,
    LiquidateCollateralParams memory params
  ) internal returns (uint256, uint256, bool) {
    IHubBase hub = collateralReserve.hub;
    uint256 assetId = collateralReserve.assetId;

    uint256 sharesToLiquidate = hub.previewRemoveByAssets(assetId, params.collateralToLiquidate);
    uint120 userSuppliedShares = collateralPosition.suppliedShares - sharesToLiquidate.toUint120();

    uint256 sharesToLiquidator;
    if (params.collateralToLiquidator > 0) {
      if (params.receiveShares) {
        sharesToLiquidator = hub.previewAddByAssets(assetId, params.collateralToLiquidator);
        if (sharesToLiquidator > 0) {
          liquidatorCollateralPosition.suppliedShares += sharesToLiquidator.toUint120();
        }
      } else {
        sharesToLiquidator = hub.remove(assetId, params.collateralToLiquidator, params.liquidator);
      }
    }

    collateralPosition.suppliedShares = userSuppliedShares;

    if (sharesToLiquidate > sharesToLiquidator) {
      hub.payFeeShares(assetId, sharesToLiquidate.uncheckedSub(sharesToLiquidator));
    }

    return (sharesToLiquidate, sharesToLiquidator, userSuppliedShares == 0);
  }

  /// @dev Invoked by `liquidateUser` method.
  /// @return The amount of drawn shares to be liquidated.
  /// @return A struct representing the changes to premium debt after liquidation.
  /// @return True if the debt position becomes zero after restoring.
  function _liquidateDebt(
    ISpoke.Reserve storage debtReserve,
    ISpoke.UserPosition storage debtPosition,
    ISpoke.PositionStatus storage positionStatus,
    LiquidateDebtParams memory params
  ) internal returns (uint256, IHubBase.PremiumDelta memory, bool) {
    uint256 premiumDebtToLiquidateRay = params.debtToLiquidate.toRay().min(params.premiumDebtRay);
    uint256 drawnDebtLiquidated = params.debtToLiquidate - premiumDebtToLiquidateRay.fromRayUp();
    uint256 drawnSharesLiquidated = drawnDebtLiquidated.rayDivDown(params.drawnIndex);

    IHubBase.PremiumDelta memory premiumDelta = debtPosition.getPremiumDelta({
      drawnSharesTaken: drawnSharesLiquidated,
      drawnIndex: params.drawnIndex,
      riskPremium: positionStatus.riskPremium,
      restoredPremiumRay: premiumDebtToLiquidateRay
    });

    IERC20(debtReserve.underlying).safeTransferFrom(
      params.liquidator,
      address(debtReserve.hub),
      params.debtToLiquidate
    );
    debtReserve.hub.restore(debtReserve.assetId, drawnDebtLiquidated, premiumDelta);

    debtPosition.applyPremiumDelta(premiumDelta);
    debtPosition.drawnShares -= drawnSharesLiquidated.toUint120();
    if (debtPosition.drawnShares == 0) {
      positionStatus.setBorrowing(params.debtReserveId, false);
      return (drawnSharesLiquidated, premiumDelta, true);
    }

    return (drawnSharesLiquidated, premiumDelta, false);
  }

  /// @notice Validates the liquidation call.
  /// @param params The validate liquidation call params.
  function _validateLiquidationCall(ValidateLiquidationCallParams memory params) internal pure {
    require(params.user != params.liquidator, ISpoke.SelfLiquidation());
    require(params.debtToCover > 0, ISpoke.InvalidDebtToCover());
    require(
      !params.collateralReserveFlags.paused() && !params.debtReserveFlags.paused(),
      ISpoke.ReservePaused()
    );
    require(params.collateralReserveBalance > 0, ISpoke.ReserveNotSupplied());
    require(params.debtReserveBalance > 0, ISpoke.ReserveNotBorrowed());
    require(params.collateralReserveFlags.liquidatable(), ISpoke.CollateralCannotBeLiquidated());
    require(
      params.healthFactor < HEALTH_FACTOR_LIQUIDATION_THRESHOLD,
      ISpoke.HealthFactorNotBelowThreshold()
    );
    require(
      params.collateralFactor > 0 && params.isUsingAsCollateral,
      ISpoke.ReserveNotEnabledAsCollateral()
    );
    if (params.receiveShares) {
      require(
        !params.collateralReserveFlags.frozen() &&
          params.collateralReserveFlags.receiveSharesEnabled(),
        ISpoke.CannotReceiveShares()
      );
    }
  }

  /// @notice Calculates the liquidation amounts.
  /// @dev Invoked by `liquidateUser` method.
  function _calculateLiquidationAmounts(
    CalculateLiquidationAmountsParams memory params
  ) internal pure returns (LiquidationAmounts memory) {
    uint256 liquidationBonus = calculateLiquidationBonus({
      healthFactorForMaxBonus: params.healthFactorForMaxBonus,
      liquidationBonusFactor: params.liquidationBonusFactor,
      healthFactor: params.healthFactor,
      maxLiquidationBonus: params.maxLiquidationBonus
    });

    // To prevent accumulation of dust, one of the following conditions is enforced:
    // 1. liquidate all debt
    // 2. liquidate all collateral
    // 3. leave at least `DUST_LIQUIDATION_THRESHOLD` of collateral and debt (in value terms)
    uint256 debtToLiquidate = _calculateDebtToLiquidate(
      CalculateDebtToLiquidateParams({
        debtReserveBalance: params.debtReserveBalance,
        totalDebtValue: params.totalDebtValue,
        debtAssetUnit: params.debtAssetUnit,
        debtAssetPrice: params.debtAssetPrice,
        debtToCover: params.debtToCover,
        collateralFactor: params.collateralFactor,
        liquidationBonus: liquidationBonus,
        healthFactor: params.healthFactor,
        targetHealthFactor: params.targetHealthFactor
      })
    );

    uint256 collateralToLiquidate = debtToLiquidate.mulDivDown(
      params.debtAssetPrice * params.collateralAssetUnit * liquidationBonus,
      params.debtAssetUnit * params.collateralAssetPrice * PercentageMath.PERCENTAGE_FACTOR
    );

    bool leavesCollateralDust = collateralToLiquidate < params.collateralReserveBalance &&
      (params.collateralReserveBalance - collateralToLiquidate).mulDivDown(
        params.collateralAssetPrice.toWad(),
        params.collateralAssetUnit
      ) <
      DUST_LIQUIDATION_THRESHOLD;

    if (
      collateralToLiquidate > params.collateralReserveBalance ||
      (leavesCollateralDust && debtToLiquidate < params.debtReserveBalance)
    ) {
      collateralToLiquidate = params.collateralReserveBalance;

      // - `debtToLiquidate` is decreased if `collateralToLiquidate > params.collateralReserveBalance` (if so, debt dust could remain).
      // - `debtToLiquidate` is increased if `(leavesCollateralDust && debtToLiquidate < params.debtReserveBalance)`, ensuring collateral reserve
      //   is fully liquidated (potentially bypassing the target health factor). Can only increase by at most `DUST_LIQUIDATION_THRESHOLD` (in
      //   value terms). Since debt dust condition was enforced, it is guaranteed that `debtToLiquidate` will never exceed `params.debtReserveBalance`.
      debtToLiquidate = collateralToLiquidate.mulDivUp(
        params.collateralAssetPrice * params.debtAssetUnit * PercentageMath.PERCENTAGE_FACTOR,
        params.debtAssetPrice * params.collateralAssetUnit * liquidationBonus
      );
    }

    // revert if the liquidator does not cover the necessary debt to prevent dust from remaining
    require(params.debtToCover >= debtToLiquidate, ISpoke.MustNotLeaveDust());

    uint256 collateralToLiquidator = collateralToLiquidate -
      collateralToLiquidate.mulDivDown(
        params.liquidationFee * (liquidationBonus - PercentageMath.PERCENTAGE_FACTOR),
        liquidationBonus * PercentageMath.PERCENTAGE_FACTOR
      );

    return
      LiquidationAmounts({
        collateralToLiquidate: collateralToLiquidate,
        collateralToLiquidator: collateralToLiquidator,
        debtToLiquidate: debtToLiquidate
      });
  }

  /// @notice Calculates the debt that should be liquidated.
  /// @dev Generally, it returns the minimum of `debtToCover`, `debtReserveBalance` and `debtToTarget`.
  /// If debt dust would be left behind, it returns `debtReserveBalance` to ensure the debt is fully cleared and no dust is left.
  function _calculateDebtToLiquidate(
    CalculateDebtToLiquidateParams memory params
  ) internal pure returns (uint256) {
    uint256 debtToLiquidate = params.debtReserveBalance;
    if (params.debtToCover < debtToLiquidate) {
      debtToLiquidate = params.debtToCover;
    }

    uint256 debtToTarget = _calculateDebtToTargetHealthFactor(
      CalculateDebtToTargetHealthFactorParams({
        totalDebtValue: params.totalDebtValue,
        debtAssetUnit: params.debtAssetUnit,
        debtAssetPrice: params.debtAssetPrice,
        collateralFactor: params.collateralFactor,
        liquidationBonus: params.liquidationBonus,
        healthFactor: params.healthFactor,
        targetHealthFactor: params.targetHealthFactor
      })
    );
    if (debtToTarget < debtToLiquidate) {
      debtToLiquidate = debtToTarget;
    }

    bool leavesDebtDust = debtToLiquidate < params.debtReserveBalance &&
      (params.debtReserveBalance - debtToLiquidate).mulDivDown(
        params.debtAssetPrice.toWad(),
        params.debtAssetUnit
      ) <
      DUST_LIQUIDATION_THRESHOLD;

    if (leavesDebtDust) {
      // target health factor is bypassed to prevent leaving dust
      debtToLiquidate = params.debtReserveBalance;
    }

    return debtToLiquidate;
  }

  /// @notice Calculates the amount of debt needed to be liquidated to restore a position to the target health factor.
  function _calculateDebtToTargetHealthFactor(
    CalculateDebtToTargetHealthFactorParams memory params
  ) internal pure returns (uint256) {
    uint256 liquidationPenalty = params.liquidationBonus.bpsToWad().percentMulUp(
      params.collateralFactor
    );

    // denominator cannot be zero as `liquidationPenalty` is always < PercentageMath.PERCENTAGE_FACTOR
    // `liquidationBonus.percentMulUp(collateralFactor) < PercentageMath.PERCENTAGE_FACTOR` is enforced in `_validateDynamicReserveConfig`
    // and targetHealthFactor is always >= HEALTH_FACTOR_LIQUIDATION_THRESHOLD
    return
      params.totalDebtValue.mulDivUp(
        params.debtAssetUnit * (params.targetHealthFactor - params.healthFactor),
        (params.targetHealthFactor - liquidationPenalty) * params.debtAssetPrice.toWad()
      );
  }

  /// @notice Returns if the liquidation results in deficit.
  function _evaluateDeficit(
    bool isCollateralPositionEmpty,
    bool isDebtPositionEmpty,
    uint256 activeCollateralCount,
    uint256 borrowedCount
  ) internal pure returns (bool) {
    if (!isCollateralPositionEmpty || activeCollateralCount > 1) {
      return false;
    }
    return !isDebtPositionEmpty || borrowedCount > 1;
  }
}

63% src/spoke/libraries/PositionStatusMap.sol

Lines covered: 46 / 72 (63%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {LibBit} from 'src/dependencies/solady/LibBit.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';

/// @title PositionStatusMap Library
/// @author Aave Labs
/// @notice Implements the bitmap logic to handle the user configuration.
library PositionStatusMap {
  using PositionStatusMap for *;
  using LibBit for uint256;

  uint256 internal constant NOT_FOUND = type(uint256).max;

  uint256 internal constant BORROWING_MASK =
    0x5555555555555555555555555555555555555555555555555555555555555555;
  uint256 internal constant COLLATERAL_MASK =
    0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA;

  /// @notice Sets if the user is borrowing the specified reserve.
  function setBorrowing(
    ISpoke.PositionStatus storage self,
    uint256 reserveId,
    bool borrowing
  ) internal {
    unchecked {
      uint256 bit = 1 << ((reserveId % 128) << 1);
      if (borrowing) {
        self.map[reserveId.bucketId()] |= bit;
      } else {
        self.map[reserveId.bucketId()] &= ~bit;
      }
    }
  }

  /// @notice Sets if the user is using as collateral the specified reserve.
  function setUsingAsCollateral(
    ISpoke.PositionStatus storage self,
    uint256 reserveId,
    bool usingAsCollateral
  ) internal {
    unchecked {
      uint256 bit = 1 << (((reserveId % 128) << 1) + 1);
      if (usingAsCollateral) {
        self.map[reserveId.bucketId()] |= bit;
      } else {
        self.map[reserveId.bucketId()] &= ~bit;
      }
    }
  }

  /// @notice Returns if a user is using the specified reserve for borrowing or as collateral.
  function isUsingAsCollateralOrBorrowing(
    ISpoke.PositionStatus storage self,
    uint256 reserveId
  ) internal view returns (bool) {
    unchecked {
      return (self.getBucketWord(reserveId) >> ((reserveId % 128) << 1)) & 3 != 0;
    }
  }

  /// @notice Returns if a user is using the specified reserve for borrowing.
  function isBorrowing(
    ISpoke.PositionStatus storage self,
    uint256 reserveId
  ) internal view returns (bool) {
    unchecked {
      return (self.getBucketWord(reserveId) >> ((reserveId % 128) << 1)) & 1 != 0;
    }
  }

  /// @notice Returns if a user is using the specified reserve as collateral.
  function isUsingAsCollateral(
    ISpoke.PositionStatus storage self,
    uint256 reserveId
  ) internal view returns (bool) {
    unchecked {
      return (self.getBucketWord(reserveId) >> (((reserveId % 128) << 1) + 1)) & 1 != 0;
    }
  }

  /// @notice Counts the number of reserves enabled as collateral.
  /// @dev Disregards potential dirty bits set after `reserveCount`.
  /// @param reserveCount The current `reserveCount`, to avoid reading uninitialized buckets.
  function collateralCount(
    ISpoke.PositionStatus storage self,
    uint256 reserveCount
  ) internal view returns (uint256) {
    unchecked {
      uint256 bucket = reserveCount.bucketId();
      uint256 count = self.map[bucket].isolateCollateralUntil(reserveCount).popCount();
      while (bucket != 0) {
        count += self.map[--bucket].isolateCollateral().popCount();
      }
      return count;
    }
  }

  /// @notice Finds the previous borrowing or collateralized reserve strictly before `fromReserveId`.
  /// @dev The search starts at `fromReserveId` (exclusive) and scans backward across buckets.
  /// @dev Returns `NOT_FOUND` if no borrowing or collateralized reserve exists before the bound.
  /// @dev Ignores dirty bits beyond the configured `reserveCount` within the last bucket.
  /// @param fromReserveId The identifier of the reserve to start searching from.
  /// @return reserveId The reserve identifier for the next reserve that is borrowed or used as collateral.
  /// @return borrowing True if the next reserveId is borrowed.
  /// @return collateral True if the next reserveId is used as collateral.
  function next(
    ISpoke.PositionStatus storage self,
    uint256 fromReserveId
  ) internal view returns (uint256, bool, bool) {
    unchecked {
      uint256 bucket = fromReserveId.bucketId();
      uint256 map = self.map[bucket];
      uint256 setBitId = map.isolateUntil(fromReserveId).fls();
      while (setBitId == 256 && bucket != 0) {
        map = self.map[--bucket];
        setBitId = map.fls();
      }
      if (setBitId == 256) {
        return (NOT_FOUND, false, false);
      } else {
        uint256 word = map >> ((setBitId >> 1) << 1);
        return (setBitId.fromBitId(bucket), word & 1 != 0, word & 2 != 0);
      }
    }
  }

  /// @notice Finds the previous borrowed reserve strictly before `fromReserveId`.
  /// @dev The search starts at `fromReserveId` (exclusive) and scans backward across buckets.
  /// @dev Returns `NOT_FOUND` if no borrowed reserve exists before the bound.
  /// @dev Ignores dirty bits beyond the configured `reserveCount` within the last bucket.
  /// @param fromReserveId The exclusive upper bound to start from (this reserveId is not considered).
  /// @return The previous borrowed reserveId, or `NOT_FOUND` if none is found.
  function nextBorrowing(
    ISpoke.PositionStatus storage self,
    uint256 fromReserveId
  ) internal view returns (uint256) {
    unchecked {
      uint256 bucket = fromReserveId.bucketId();
      uint256 setBitId = self.map[bucket].isolateBorrowingUntil(fromReserveId).fls();
      while (setBitId == 256 && bucket != 0) {
        setBitId = self.map[--bucket].isolateBorrowing().fls();
      }
      return setBitId == 256 ? NOT_FOUND : setBitId.fromBitId(bucket);
    }
  }

  /// @notice Finds the previous collateral reserve strictly before `fromReserveId`.
  /// @dev The search starts at `fromReserveId` (exclusive) and scans backward across buckets.
  /// @dev Returns `NOT_FOUND` if no collateral reserve exists before the bound.
  /// @dev Ignores dirty bits beyond the configured `reserveCount` within the last bucket.
  /// @param fromReserveId The exclusive upper bound to start from (this reserveId is not considered).
  /// @return The previous collateral reserveId, or `NOT_FOUND` if none is found.
  function nextCollateral(
    ISpoke.PositionStatus storage self,
    uint256 fromReserveId
  ) internal view returns (uint256) {
    unchecked {
      uint256 bucket = fromReserveId.bucketId();
      uint256 setBitId = self.map[bucket].isolateCollateralUntil(fromReserveId).fls();
      while (setBitId == 256 && bucket != 0) {
        setBitId = self.map[--bucket].isolateCollateral().fls();
      }
      return setBitId == 256 ? NOT_FOUND : setBitId.fromBitId(bucket);
    }
  }

  /// @notice Returns the word containing the reserve state in the bitmap.
  function getBucketWord(
    ISpoke.PositionStatus storage self,
    uint256 reserveId
  ) internal view returns (uint256) {
    return self.map[reserveId.bucketId()];
  }

  /// @notice Converts a reserveId to its corresponding bucketId.
  function bucketId(uint256 reserveId) internal pure returns (uint256 wordId) {
    assembly ('memory-safe') {
      wordId := shr(7, reserveId)
    }
  }

  /// @notice Converts a bit index to its corresponding reserve index in the bitmap.
  /// @dev BitId 0, 1 correspond to reserveId 0; BitId 2, 3 correspond to reserveId 1; etc.
  function fromBitId(uint256 bitId, uint256 bucket) internal pure returns (uint256 reserveId) {
    assembly ('memory-safe') {
      reserveId := add(shr(1, bitId), shl(7, bucket))
    }
  }

  /// @notice Isolates the borrowing bits from word.
  function isolateBorrowing(uint256 word) internal pure returns (uint256 ret) {
    assembly ('memory-safe') {
      ret := and(word, BORROWING_MASK)
    }
  }

  /// @notice Returns masked `word` containing only borrowing bits from the first reserve up to `reserveCount`.
  function isolateBorrowingUntil(
    uint256 word,
    uint256 reserveCount
  ) internal pure returns (uint256 ret) {
    // ret = word & (BORROWING_MASK >> (256 - ((reserveCount % 128) << 1)));
    assembly ('memory-safe') {
      ret := and(word, shr(sub(256, shl(1, mod(reserveCount, 128))), BORROWING_MASK))
    }
  }

  /// @notice Returns masked `word` containing bits from the first reserve up to `reserveCount`.
  function isolateUntil(uint256 word, uint256 reserveCount) internal pure returns (uint256 ret) {
    // ret = word & (type(uint256).max >> (256 - ((reserveCount % 128) << 1)));
    assembly ('memory-safe') {
      ret := and(word, shr(sub(256, shl(1, mod(reserveCount, 128))), not(0)))
    }
  }

  /// @notice Isolates the collateral bits from word.
  function isolateCollateral(uint256 word) internal pure returns (uint256 ret) {
    assembly ('memory-safe') {
      ret := and(word, COLLATERAL_MASK)
    }
  }

  /// @notice Returns masked `word` containing only collateral bits from the first reserve up to `reserveCount`.
  function isolateCollateralUntil(
    uint256 word,
    uint256 reserveCount
  ) internal pure returns (uint256 ret) {
    // ret = word & (COLLATERAL_MASK >> (256 - ((reserveCount % 128) << 1)));
    assembly ('memory-safe') {
      ret := and(word, shr(sub(256, shl(1, mod(reserveCount, 128))), COLLATERAL_MASK))
    }
  }
}

52% src/spoke/libraries/ReserveFlagsMap.sol

Lines covered: 19 / 36 (52%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {ReserveFlags} from 'src/spoke/interfaces/ISpoke.sol';

/// @title ReserveFlags Library
/// @author Aave Labs
/// @notice Implements the bitmap logic to handle the Reserve flags configuration.
library ReserveFlagsMap {
  /// @dev Mask for the `paused` flag.
  uint8 internal constant PAUSED_MASK = 0x01;
  /// @dev Mask for the `frozen` flag.
  uint8 internal constant FROZEN_MASK = 0x02;
  /// @dev Mask for the `borrowable` flag.
  uint8 internal constant BORROWABLE_MASK = 0x04;
  /// @dev Mask for the `liquidatable` flag.
  uint8 internal constant LIQUIDATABLE_MASK = 0x08;
  /// @dev Mask for the `receiveSharesEnabled` flag.
  uint8 internal constant RECEIVE_SHARES_ENABLED_MASK = 0x10;

  /// @notice Initializes the ReserveFlags with the given values.
  /// @param initPaused The initial `paused` flag status.
  /// @param initFrozen The initial `frozen` flag status.
  /// @param initBorrowable The initial `borrowable` flag status.
  /// @param initLiquidatable The initial `liquidatable` flag status.
  /// @param initReceiveSharesEnabled The initial `receiveSharesEnabled` flag status.
  /// @return The initialized ReserveFlags.
  function create(
    bool initPaused,
    bool initFrozen,
    bool initBorrowable,
    bool initLiquidatable,
    bool initReceiveSharesEnabled
  ) internal pure returns (ReserveFlags) {
    uint8 flags = 0;
    flags = _setStatus(flags, PAUSED_MASK, initPaused);
    flags = _setStatus(flags, FROZEN_MASK, initFrozen);
    flags = _setStatus(flags, BORROWABLE_MASK, initBorrowable);
    flags = _setStatus(flags, LIQUIDATABLE_MASK, initLiquidatable);
    flags = _setStatus(flags, RECEIVE_SHARES_ENABLED_MASK, initReceiveSharesEnabled);
    return ReserveFlags.wrap(flags);
  }

  /// @notice Sets the new status for the `paused` flag.
  /// @param flags The current ReserveFlags.
  /// @param status The new status for the `paused` flag.
  /// @return The updated ReserveFlags.
  function setPaused(ReserveFlags flags, bool status) internal pure returns (ReserveFlags) {
    return ReserveFlags.wrap(_setStatus(ReserveFlags.unwrap(flags), PAUSED_MASK, status));
  }

  /// @notice Sets the new status for the `frozen` flag.
  /// @param flags The current ReserveFlags.
  /// @param status The new status for the `frozen` flag.
  /// @return The updated ReserveFlags.
  function setFrozen(ReserveFlags flags, bool status) internal pure returns (ReserveFlags) {
    return ReserveFlags.wrap(_setStatus(ReserveFlags.unwrap(flags), FROZEN_MASK, status));
  }

  /// @notice Sets the new status for the `borrowable` flag.
  /// @param flags The current ReserveFlags.
  /// @param status The new status for the `borrowable` flag.
  /// @return The updated ReserveFlags.
  function setBorrowable(ReserveFlags flags, bool status) internal pure returns (ReserveFlags) {
    return ReserveFlags.wrap(_setStatus(ReserveFlags.unwrap(flags), BORROWABLE_MASK, status));
  }

  /// @notice Sets the new status for the `liquidatable` flag.
  /// @param flags The current ReserveFlags.
  /// @param status The new status for the `liquidatable` flag.
  /// @return The updated ReserveFlags.
  function setLiquidatable(ReserveFlags flags, bool status) internal pure returns (ReserveFlags) {
    return ReserveFlags.wrap(_setStatus(ReserveFlags.unwrap(flags), LIQUIDATABLE_MASK, status));
  }

  /// @notice Sets the new status for the `receiveSharesEnabled` flag.
  /// @param flags The current ReserveFlags.
  /// @param status The new status for the `receiveSharesEnabled` flag.
  /// @return The updated ReserveFlags.
  function setReceiveSharesEnabled(
    ReserveFlags flags,
    bool status
  ) internal pure returns (ReserveFlags) {
    return
      ReserveFlags.wrap(
        _setStatus(ReserveFlags.unwrap(flags), RECEIVE_SHARES_ENABLED_MASK, status)
      );
  }

  /// @notice Returns the `paused` flag status.
  /// @param flags The current ReserveFlags.
  /// @return True if the flag is set.
  function paused(ReserveFlags flags) internal pure returns (bool) {
    return (ReserveFlags.unwrap(flags) & PAUSED_MASK) != 0;
  }

  /// @notice Returns the `frozen` flag status.
  /// @param flags The current ReserveFlags.
  /// @return True if the flag is set.
  function frozen(ReserveFlags flags) internal pure returns (bool) {
    return (ReserveFlags.unwrap(flags) & FROZEN_MASK) != 0;
  }

  /// @notice Returns the `borrowable` flag status.
  /// @param flags The current ReserveFlags.
  /// @return True if the flag is set.
  function borrowable(ReserveFlags flags) internal pure returns (bool) {
    return (ReserveFlags.unwrap(flags) & BORROWABLE_MASK) != 0;
  }

  /// @notice Returns the `liquidatable` flag status.
  /// @param flags The current ReserveFlags.
  /// @return True if the flag is set.
  function liquidatable(ReserveFlags flags) internal pure returns (bool) {
    return (ReserveFlags.unwrap(flags) & LIQUIDATABLE_MASK) != 0;
  }

  /// @notice Returns the `receiveSharesEnabled` flag status.
  /// @param flags The current ReserveFlags.
  /// @return True if the flag is set.
  function receiveSharesEnabled(ReserveFlags flags) internal pure returns (bool) {
    return (ReserveFlags.unwrap(flags) & RECEIVE_SHARES_ENABLED_MASK) != 0;
  }

  /// @notice Sets the new status for the given flag.
  function _setStatus(uint8 flags, uint8 mask, bool status) private pure returns (uint8) {
    return status ? flags | mask : flags & ~mask;
  }
}

95% src/spoke/libraries/UserPositionDebt.sol

Lines covered: 41 / 43 (95%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {Premium} from 'src/hub/libraries/Premium.sol';
import {IHubBase} from 'src/hub/interfaces/IHubBase.sol';
import {ISpoke} from 'src/spoke/interfaces/ISpoke.sol';

/// @title User Debt library
/// @author Aave Labs
/// @notice Implements debt calculations for user positions.
library UserPositionDebt {
  using UserPositionDebt for ISpoke.UserPosition;
  using SafeCast for *;
  using PercentageMath for uint256;
  using WadRayMath for *;
  using MathUtils for *;

  /// @notice Applies the premium delta to the user position.
  /// @param userPosition The user position.
  /// @param premiumDelta The premium delta to apply.
  function applyPremiumDelta(
    ISpoke.UserPosition storage userPosition,
    IHubBase.PremiumDelta memory premiumDelta
  ) internal {
    userPosition.premiumShares = userPosition
      .premiumShares
      .add(premiumDelta.sharesDelta)
      .toUint120();
    userPosition.premiumOffsetRay = (userPosition.premiumOffsetRay + premiumDelta.offsetRayDelta)
      .toInt200();
  }

  /// @notice Calculates the premium delta for a user position given a new risk premium.
  /// @param userPosition The user position.
  /// @param drawnSharesTaken The amount of drawn shares taken from the user position.
  /// @param drawnIndex The current drawn index.
  /// @param riskPremium The new risk premium, expressed in BPS.
  /// @param restoredPremiumRay The amount of premium to be restored, expressed in asset units and scaled by RAY.
  /// @return The calculated premium delta.
  function getPremiumDelta(
    ISpoke.UserPosition storage userPosition,
    uint256 drawnSharesTaken,
    uint256 drawnIndex,
    uint256 riskPremium,
    uint256 restoredPremiumRay
  ) internal view returns (IHubBase.PremiumDelta memory) {
    uint256 oldPremiumShares = userPosition.premiumShares;
    int256 oldPremiumOffsetRay = userPosition.premiumOffsetRay;
    uint256 premiumDebtRay = Premium.calculatePremiumRay({
      premiumShares: oldPremiumShares,
      premiumOffsetRay: oldPremiumOffsetRay,
      drawnIndex: drawnIndex
    });
    uint256 newPremiumShares = (userPosition.drawnShares - drawnSharesTaken).percentMulUp(
      riskPremium
    );
    int256 newPremiumOffsetRay = (newPremiumShares * drawnIndex).signedSub(
      premiumDebtRay - restoredPremiumRay
    );

    return
      IHubBase.PremiumDelta({
        sharesDelta: newPremiumShares.signedSub(oldPremiumShares),
        offsetRayDelta: newPremiumOffsetRay - oldPremiumOffsetRay,
        restoredPremiumRay: restoredPremiumRay
      });
  }

  /// @dev Calculates the drawn debt and premium debt to restore for the given user position and amount.
  /// @param userPosition The user position.
  /// @param drawnIndex The drawn index of the reserve.
  /// @param amount The amount to restore.
  /// @return The amount of drawn debt to restore, expressed in asset units.
  /// @return The amount of premium debt to restore, expressed in asset units and scaled by RAY.
  function calculateRestoreAmount(
    ISpoke.UserPosition storage userPosition,
    uint256 drawnIndex,
    uint256 amount
  ) internal view returns (uint256, uint256) {
    (uint256 drawnDebt, uint256 premiumDebtRay) = userPosition.getDebt(drawnIndex);
    uint256 premiumDebt = premiumDebtRay.fromRayUp();
    if (amount >= drawnDebt + premiumDebt) {
      return (drawnDebt, premiumDebtRay);
    }

    if (amount < premiumDebt) {
      // amount.toRay() cannot overflow here
      uint256 amountRay = amount.toRay();
      return (0, amountRay);
    }
    return (amount - premiumDebt, premiumDebtRay);
  }

  /// @return The user's drawn debt, expressed in asset units.
  /// @return The user's premium debt, expressed in asset units and scaled by RAY.
  function getDebt(
    ISpoke.UserPosition storage userPosition,
    IHubBase hub,
    uint256 assetId
  ) internal view returns (uint256, uint256) {
    return userPosition.getDebt(hub.getAssetDrawnIndex(assetId));
  }

  /// @return The user's drawn debt, expressed in asset units.
  /// @return The user's premium debt, expressed in asset units and scaled by RAY.
  function getDebt(
    ISpoke.UserPosition storage userPosition,
    uint256 drawnIndex
  ) internal view returns (uint256, uint256) {
    uint256 premiumDebtRay = _calculatePremiumRay(userPosition, drawnIndex);
    return (userPosition.drawnShares.rayMulUp(drawnIndex), premiumDebtRay);
  }

  /// @dev Calculates the premium debt of a user position with full precision.
  /// @param userPosition The user position.
  /// @param drawnIndex The current drawn index.
  /// @return The premium debt, expressed in asset units and scaled by RAY.
  function _calculatePremiumRay(
    ISpoke.UserPosition storage userPosition,
    uint256 drawnIndex
  ) internal view returns (uint256) {
    return
      Premium.calculatePremiumRay({
        premiumShares: userPosition.premiumShares,
        premiumOffsetRay: userPosition.premiumOffsetRay,
        drawnIndex: drawnIndex
      });
  }
}

0% src/utils/Multicall.sol

Lines covered: 0 / 8 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {IMulticall} from 'src/interfaces/IMulticall.sol';

/// @title Multicall
/// @author Aave Labs
/// @notice This contract allows for batching multiple calls into a single call.
/// @dev Inspired by the OpenZeppelin Multicall contract.
abstract contract Multicall is IMulticall {
  /// @inheritdoc IMulticall
  function multicall(bytes[] calldata data) external returns (bytes[] memory) {
    bytes[] memory results = new bytes[](data.length);
    for (uint256 i; i < data.length; ++i) {
      (bool ok, bytes memory res) = address(this).delegatecall(data[i]);

      assembly ('memory-safe') {
        if iszero(ok) {
          revert(add(res, 32), mload(res)) // bubble up first revert
        }
      }

      results[i] = res;
    }
    return results;
  }
}

0% src/utils/NoncesKeyed.sol

Lines covered: 0 / 14 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {INoncesKeyed} from 'src/interfaces/INoncesKeyed.sol';

/// @notice Provides tracking nonces for addresses. Supports key-ed nonces, where nonces will only increment for each key.
/// @author Modified from OpenZeppelin https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.2.0/contracts/utils/NoncesKeyed.sol
/// @dev Follows the https://eips.ethereum.org/EIPS/eip-4337#semi-abstracted-nonce-support[ERC-4337's semi-abstracted nonce system].
contract NoncesKeyed is INoncesKeyed {
  mapping(address owner => mapping(uint192 key => uint64 nonce)) private _nonces;

  /// @inheritdoc INoncesKeyed
  function useNonce(uint192 key) external returns (uint256) {
    return _useNonce(msg.sender, key);
  }

  /// @inheritdoc INoncesKeyed
  function nonces(address owner, uint192 key) external view returns (uint256) {
    return _pack(key, _nonces[owner][key]);
  }

  /// @notice Consumes the next unused nonce for an address and key.
  /// @dev Returns the current packed `keyNonce`. Consumed nonce is increased, so calling this function twice
  /// with the same arguments will return different (sequential) results.
  function _useNonce(address owner, uint192 key) internal returns (uint256) {
    // For each account, the nonce has an initial value of 0, can only be incremented by one, and cannot be
    // decremented or reset. This guarantees that the nonce never overflows.
    unchecked {
      // It is important to do x++ and not ++x here.
      return _pack(key, _nonces[owner][key]++);
    }
  }

  /// @dev Same as `_useNonce` but checking that `nonce` is the next valid for `owner` for specified packed `keyNonce`.
  function _useCheckedNonce(address owner, uint256 keyNonce) internal {
    (uint192 key, ) = _unpack(keyNonce);
    uint256 current = _useNonce(owner, key);
    require(keyNonce == current, InvalidAccountNonce(owner, current));
  }

  /// @dev Pack key and nonce into a keyNonce.
  function _pack(uint192 key, uint64 nonce) private pure returns (uint256) {
    return (uint256(key) << 64) | nonce;
  }

  /// @dev Unpack a keyNonce into its key and nonce components.
  function _unpack(uint256 keyNonce) private pure returns (uint192 key, uint64 nonce) {
    return (uint192(keyNonce >> 64), uint64(keyNonce));
  }
}

0% src/utils/Rescuable.sol

Lines covered: 0 / 9 (0%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.20;

import {SafeERC20, IERC20} from 'src/dependencies/openzeppelin/SafeERC20.sol';
import {Address} from 'src/dependencies/openzeppelin/Address.sol';
import {IRescuable} from 'src/interfaces/IRescuable.sol';

/// @title Rescuable
/// @author Aave Labs
/// @notice Contract that allows for the rescue of tokens and native assets.
abstract contract Rescuable is IRescuable {
  using SafeERC20 for IERC20;

  modifier onlyRescueGuardian() {
    _checkRescueGuardian();
    _;
  }

  /// @inheritdoc IRescuable
  function rescueToken(address token, address to, uint256 amount) external onlyRescueGuardian {
    IERC20(token).safeTransfer(to, amount);
  }

  /// @inheritdoc IRescuable
  function rescueNative(address to, uint256 amount) external onlyRescueGuardian {
    Address.sendValue(payable(to), amount);
  }

  /// @inheritdoc IRescuable
  function rescueGuardian() external view returns (address) {
    return _rescueGuardian();
  }

  function _rescueGuardian() internal view virtual returns (address);

  function _checkRescueGuardian() internal view virtual {
    require(_rescueGuardian() == msg.sender, OnlyRescueGuardian());
  }
}

31% tests/Base.t.sol

Lines covered: 436 / 1394 (31%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.0;

import {Test} from 'forge-std/Test.sol';
import {stdError} from 'forge-std/StdError.sol';
import {stdMath} from 'forge-std/StdMath.sol';
import {StdStorage, stdStorage} from 'forge-std/StdStorage.sol';
import {Vm, VmSafe} from 'forge-std/Vm.sol';
import {console2 as console} from 'forge-std/console2.sol';

// dependencies
import {AggregatorV3Interface} from 'src/dependencies/chainlink/AggregatorV3Interface.sol';
import {TransparentUpgradeableProxy, ITransparentUpgradeableProxy} from 'src/dependencies/openzeppelin/TransparentUpgradeableProxy.sol';
import {IERC20Metadata} from 'src/dependencies/openzeppelin/IERC20Metadata.sol';
import {SafeCast} from 'src/dependencies/openzeppelin/SafeCast.sol';
import {IERC20Errors} from 'src/dependencies/openzeppelin/IERC20Errors.sol';
import {IERC20} from 'src/dependencies/openzeppelin/IERC20.sol';
import {IERC5267} from 'src/dependencies/openzeppelin/IERC5267.sol';
import {AccessManager} from 'src/dependencies/openzeppelin/AccessManager.sol';
import {IAccessManager} from 'src/dependencies/openzeppelin/IAccessManager.sol';
import {IAccessManaged} from 'src/dependencies/openzeppelin/IAccessManaged.sol';
import {AuthorityUtils} from 'src/dependencies/openzeppelin/AuthorityUtils.sol';
import {Ownable2Step, Ownable} from 'src/dependencies/openzeppelin/Ownable2Step.sol';
import {Math} from 'src/dependencies/openzeppelin/Math.sol';
import {WETH9} from 'src/dependencies/weth/WETH9.sol';
import {LibBit} from 'src/dependencies/solady/LibBit.sol';

import {Initializable} from 'src/dependencies/openzeppelin-upgradeable/Initializable.sol';
import {IERC1967} from 'src/dependencies/openzeppelin/IERC1967.sol';

// shared
import {WadRayMath} from 'src/libraries/math/WadRayMath.sol';
import {MathUtils} from 'src/libraries/math/MathUtils.sol';
import {PercentageMath} from 'src/libraries/math/PercentageMath.sol';
import {EIP712Types} from 'src/libraries/types/EIP712Types.sol';
import {Roles} from 'src/libraries/types/Roles.sol';
import {Rescuable, IRescuable} from 'src/utils/Rescuable.sol';
import {NoncesKeyed, INoncesKeyed} from 'src/utils/NoncesKeyed.sol';
import {UnitPriceFeed} from 'src/misc/UnitPriceFeed.sol';
import {AccessManagerEnumerable} from 'src/access/AccessManagerEnumerable.sol';

// hub
import {HubConfigurator, IHubConfigurator} from 'src/hub/HubConfigurator.sol';
import {Hub, IHub, IHubBase} from 'src/hub/Hub.sol';
import {SharesMath} from 'src/hub/libraries/SharesMath.sol';
import {AssetInterestRateStrategy, IAssetInterestRateStrategy, IBasicInterestRateStrategy} from 'src/hub/AssetInterestRateStrategy.sol';

// spoke
import {Spoke, ISpoke, ISpokeBase} from 'src/spoke/Spoke.sol';
import {TreasurySpoke, ITreasurySpoke} from 'src/spoke/TreasurySpoke.sol';
import {IPriceOracle} from 'src/spoke/interfaces/IPriceOracle.sol';
import {AaveOracle} from 'src/spoke/AaveOracle.sol';
import {IAaveOracle} from 'src/spoke/interfaces/IAaveOracle.sol';
import {SpokeConfigurator, ISpokeConfigurator} from 'src/spoke/SpokeConfigurator.sol';
import {SpokeInstance} from 'src/spoke/instances/SpokeInstance.sol';
import {PositionStatusMap} from 'src/spoke/libraries/PositionStatusMap.sol';
import {ReserveFlags, ReserveFlagsMap} from 'src/spoke/libraries/ReserveFlagsMap.sol';
import {LiquidationLogic} from 'src/spoke/libraries/LiquidationLogic.sol';
import {KeyValueList} from 'src/spoke/libraries/KeyValueList.sol';

// position manager
import {GatewayBase, IGatewayBase} from 'src/position-manager/GatewayBase.sol';
import {NativeTokenGateway, INativeTokenGateway} from 'src/position-manager/NativeTokenGateway.sol';
import {SignatureGateway, ISignatureGateway} from 'src/position-manager/SignatureGateway.sol';

// test
import {Constants} from 'tests/Constants.sol';
import {Utils} from 'tests/Utils.sol';

// mocks
import {TestnetERC20} from 'tests/mocks/TestnetERC20.sol';
import {MockERC20} from 'tests/mocks/MockERC20.sol';
import {MockPriceFeed} from 'tests/mocks/MockPriceFeed.sol';
import {PositionStatusMapWrapper} from 'tests/mocks/PositionStatusMapWrapper.sol';
import {RescuableWrapper} from 'tests/mocks/RescuableWrapper.sol';
import {GatewayBaseWrapper} from 'tests/mocks/GatewayBaseWrapper.sol';
import {MockNoncesKeyed} from 'tests/mocks/MockNoncesKeyed.sol';
import {MockSpoke} from 'tests/mocks/MockSpoke.sol';
import {MockERC1271Wallet} from 'tests/mocks/MockERC1271Wallet.sol';
import {MockSpokeInstance} from 'tests/mocks/MockSpokeInstance.sol';
import {MockSkimSpoke} from 'tests/mocks/MockSkimSpoke.sol';

abstract contract Base is Test {
  using stdStorage for StdStorage;
  using WadRayMath for *;
  using SharesMath for uint256;
  using PercentageMath for uint256;
  using SafeCast for *;
  using MathUtils for uint256;
  using ReserveFlagsMap for ReserveFlags;

  bytes32 internal constant ERC1967_ADMIN_SLOT =
    0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
  bytes32 internal constant IMPLEMENTATION_SLOT =
    0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

  uint256 internal constant MAX_SUPPLY_AMOUNT = 1e30;
  uint256 internal constant MIN_TOKEN_DECIMALS_SUPPORTED = 6;
  uint256 internal constant MAX_TOKEN_DECIMALS_SUPPORTED = 18;
  uint256 internal constant MAX_SUPPLY_ASSET_UNITS =
    MAX_SUPPLY_AMOUNT / 10 ** MAX_TOKEN_DECIMALS_SUPPORTED;
  uint256 internal MAX_SUPPLY_AMOUNT_USDX;
  uint256 internal MAX_SUPPLY_AMOUNT_DAI;
  uint256 internal MAX_SUPPLY_AMOUNT_WBTC;
  uint256 internal MAX_SUPPLY_AMOUNT_WETH;
  uint256 internal MAX_SUPPLY_AMOUNT_USDY;
  uint256 internal MAX_SUPPLY_AMOUNT_USDZ;
  uint256 internal constant MAX_SUPPLY_IN_BASE_CURRENCY = 1e39;
  uint24 internal constant MIN_COLLATERAL_RISK_BPS = 1;
  uint24 internal constant MAX_COLLATERAL_RISK_BPS = 1000_00;
  uint256 internal constant MAX_BORROW_RATE = 1000_00; // matches AssetInterestRateStrategy
  uint256 internal constant MIN_OPTIMAL_RATIO = 1_00; // 1.00% in BPS, matches AssetInterestRateStrategy
  uint256 internal constant MAX_OPTIMAL_RATIO = 99_00; // 99.00% in BPS, matches AssetInterestRateStrategy
  uint256 internal constant MAX_SKIP_TIME = 10_000 days;
  uint32 internal constant MIN_LIQUIDATION_BONUS = uint32(PercentageMath.PERCENTAGE_FACTOR); // 100% == 0% bonus
  uint32 internal constant MAX_LIQUIDATION_BONUS = 150_00; // 50% bonus
  uint16 internal constant MAX_LIQUIDATION_BONUS_FACTOR = uint16(PercentageMath.PERCENTAGE_FACTOR); // 100%
  uint16 internal constant MAX_LIQUIDATION_FEE = 100_00;
  uint16 internal constant MIN_LIQUIDATION_FEE = 0;
  uint128 internal constant HEALTH_FACTOR_LIQUIDATION_THRESHOLD = 1e18;
  uint128 internal constant MIN_CLOSE_FACTOR = 1e18;
  uint128 internal constant MAX_CLOSE_FACTOR = 2e18;
  uint256 internal constant MAX_COLLATERAL_FACTOR = 100_00;
  uint256 internal constant MAX_ASSET_PRICE = 1e8 * 1e8; // $100M per token
  uint256 internal constant MAX_LIQUIDATION_PROTOCOL_FEE_PERCENTAGE =
    PercentageMath.PERCENTAGE_FACTOR;
  IHubBase.PremiumDelta internal ZERO_PREMIUM_DELTA = ZERO_PREMIUM_DELTA;

  IAaveOracle internal oracle1;
  IAaveOracle internal oracle2;
  IAaveOracle internal oracle3;
  IHub internal hub1;
  ITreasurySpoke internal treasurySpoke;
  ISpoke internal spoke1;
  ISpoke internal spoke2;
  ISpoke internal spoke3;
  AssetInterestRateStrategy internal irStrategy;
  IAccessManager internal accessManager;

  address internal alice = makeAddr('alice');
  address internal bob = makeAddr('bob');
  address internal carol = makeAddr('carol');
  address internal derl = makeAddr('derl');

  address internal ADMIN = makeAddr('ADMIN');
  address internal HUB_ADMIN = makeAddr('HUB_ADMIN');
  address internal SPOKE_ADMIN = makeAddr('SPOKE_ADMIN');
  address internal USER_POSITION_UPDATER = makeAddr('USER_POSITION_UPDATER');
  address internal TREASURY_ADMIN = makeAddr('TREASURY_ADMIN');
  address internal LIQUIDATOR = makeAddr('LIQUIDATOR');
  address internal POSITION_MANAGER = makeAddr('POSITION_MANAGER');

  TokenList internal tokenList;
  uint256 internal wethAssetId = 0;
  uint256 internal usdxAssetId = 1;
  uint256 internal daiAssetId = 2;
  uint256 internal wbtcAssetId = 3;
  uint256 internal usdyAssetId = 4;
  uint256 internal usdzAssetId = 5;

  uint256 internal mintAmount_WETH = MAX_SUPPLY_AMOUNT;
  uint256 internal mintAmount_USDX = MAX_SUPPLY_AMOUNT;
  uint256 internal mintAmount_DAI = MAX_SUPPLY_AMOUNT;
  uint256 internal mintAmount_WBTC = MAX_SUPPLY_AMOUNT;
  uint256 internal mintAmount_USDY = MAX_SUPPLY_AMOUNT;
  uint256 internal mintAmount_USDZ = MAX_SUPPLY_AMOUNT;

  Decimals internal _decimals = Decimals({usdx: 6, usdy: 18, dai: 18, wbtc: 8, weth: 18, usdz: 18});

  bool internal deployed = false;

  struct Decimals {
    uint8 usdx;
    uint8 dai;
    uint8 wbtc;
    uint8 usdy;
    uint8 weth;
    uint8 usdz;
  }

  struct TokenList {
    WETH9 weth;
    TestnetERC20 usdx;
    TestnetERC20 dai;
    TestnetERC20 wbtc;
    TestnetERC20 usdy;
    TestnetERC20 usdz;
  }

  struct SpokeInfo {
    ReserveInfo weth;
    ReserveInfo wbtc;
    ReserveInfo dai;
    ReserveInfo usdx;
    ReserveInfo usdy;
    ReserveInfo usdz;
    uint256 MAX_ALLOWED_ASSET_ID;
  }

  struct ReserveInfo {
    uint256 reserveId;
    ISpoke.ReserveConfig reserveConfig;
    ISpoke.DynamicReserveConfig dynReserveConfig;
  }

  struct DrawnAccounting {
    uint256 totalOwed;
    uint256 drawn;
    uint256 premium;
  }

  // TODO: Seems this should be replaced with DrawnAccounting struct
  struct Debts {
    uint256 drawnDebt;
    uint256 premiumDebt;
    uint256 totalDebt;
  }

  struct AssetPosition {
    uint256 assetId;
    uint256 addedShares;
    uint256 addedAmount;
    uint256 drawnShares;
    uint256 drawn;
    uint256 premiumShares;
    int256 premiumOffsetRay;
    uint256 premium;
    uint40 lastUpdateTimestamp;
    uint256 liquidity;
    uint256 drawnIndex;
    uint256 drawnRate;
  }

  struct SpokePosition {
    uint256 reserveId;
    uint256 assetId;
    uint256 addedShares;
    uint256 addedAmount;
    uint256 drawnShares;
    uint256 drawn;
    uint256 premiumShares;
    int256 premiumOffsetRay;
    uint256 premium;
  }

  struct Reserve {
    uint256 reserveId;
    IHub hub;
    uint16 assetId;
    uint8 decimals;
    uint24 dynamicConfigKey; // key of the last reserve config
    bool paused;
    bool frozen;
    bool borrowable;
    bool receiveSharesEnabled;
    uint24 collateralRisk;
  }

  mapping(ISpoke => SpokeInfo) internal spokeInfo;

  function setUp() public virtual {
    deployFixtures();
  }

  function _getProxyAdminAddress(address proxy) internal view returns (address) {
    bytes32 slotData = vm.load(proxy, ERC1967_ADMIN_SLOT);
    return address(uint160(uint256(slotData)));
  }

  function _getImplementationAddress(address proxy) internal view returns (address) {
    bytes32 slotData = vm.load(proxy, IMPLEMENTATION_SLOT);
    return address(uint160(uint256(slotData)));
  }

  function deployFixtures() internal virtual {
    if (deployed) return;

    vm.startPrank(ADMIN);
    accessManager = IAccessManager(address(new AccessManagerEnumerable(ADMIN)));
    hub1 = new Hub(address(accessManager));
    irStrategy = new AssetInterestRateStrategy(address(hub1));
    (spoke1, oracle1) = _deploySpokeWithOracle(ADMIN, address(accessManager), 'Spoke 1 (USD)');
    (spoke2, oracle2) = _deploySpokeWithOracle(ADMIN, address(accessManager), 'Spoke 2 (USD)');
    (spoke3, oracle3) = _deploySpokeWithOracle(ADMIN, address(accessManager), 'Spoke 3 (USD)');
    treasurySpoke = ITreasurySpoke(new TreasurySpoke(TREASURY_ADMIN, address(hub1)));
    vm.stopPrank();

    vm.label(address(spoke1), 'spoke1');
    vm.label(address(spoke2), 'spoke2');
    vm.label(address(spoke3), 'spoke3');

    setUpRoles(hub1, spoke1, accessManager);
    setUpRoles(hub1, spoke2, accessManager);
    setUpRoles(hub1, spoke3, accessManager);

    deployed = true; 
  }

  function setUpRoles(IHub targetHub, ISpoke spoke, IAccessManager manager) internal virtual {
    vm.startPrank(ADMIN);
    // Grant roles with 0 delay
    manager.grantRole(Roles.HUB_ADMIN_ROLE, ADMIN, 0);
    manager.grantRole(Roles.HUB_ADMIN_ROLE, HUB_ADMIN, 0);

    manager.grantRole(Roles.SPOKE_ADMIN_ROLE, ADMIN, 0);
    manager.grantRole(Roles.SPOKE_ADMIN_ROLE, SPOKE_ADMIN, 0);

    manager.grantRole(Roles.USER_POSITION_UPDATER_ROLE, ADMIN, 0);
    manager.grantRole(Roles.USER_POSITION_UPDATER_ROLE, SPOKE_ADMIN, 0);
    manager.grantRole(Roles.USER_POSITION_UPDATER_ROLE, USER_POSITION_UPDATER, 0);

    // Grant responsibilities to roles
    {
      bytes4[] memory selectors = new bytes4[](7);
      selectors[0] = ISpoke.updateLiquidationConfig.selector;
      selectors[1] = ISpoke.addReserve.selector;
      selectors[2] = ISpoke.updateReserveConfig.selector;
      selectors[3] = ISpoke.updateDynamicReserveConfig.selector;
      selectors[4] = ISpoke.addDynamicReserveConfig.selector;
      selectors[5] = ISpoke.updatePositionManager.selector;
      selectors[6] = ISpoke.updateReservePriceSource.selector;
      manager.setTargetFunctionRole(address(spoke), selectors, Roles.SPOKE_ADMIN_ROLE);
    }

    {
      bytes4[] memory selectors = new bytes4[](2);
      selectors[0] = ISpoke.updateUserDynamicConfig.selector;
      selectors[1] = ISpoke.updateUserRiskPremium.selector;
      manager.setTargetFunctionRole(address(spoke), selectors, Roles.USER_POSITION_UPDATER_ROLE);
    }

    {
      bytes4[] memory selectors = new bytes4[](6);
      selectors[0] = IHub.addAsset.selector;
      selectors[1] = IHub.updateAssetConfig.selector;
      selectors[2] = IHub.addSpoke.selector;
      selectors[3] = IHub.updateSpokeConfig.selector;
      selectors[4] = IHub.setInterestRateData.selector;
      selectors[5] = IHub.mintFeeShares.selector;
      manager.setTargetFunctionRole(address(targetHub), selectors, Roles.HUB_ADMIN_ROLE);
    }
    vm.stopPrank();
  }

  function initEnvironment() internal {
    deployMintAndApproveTokenList();
    configureTokenList();
  }

  function deployMintAndApproveTokenList() internal {
    tokenList = TokenList(
      new WETH9(),
      new TestnetERC20('USDX', 'USDX', _decimals.usdx),
      new TestnetERC20('DAI', 'DAI', _decimals.dai),
      new TestnetERC20('WBTC', 'WBTC', _decimals.wbtc),
      new TestnetERC20('USDY', 'USDY', _decimals.usdy),
      new TestnetERC20('USDZ', 'USDZ', _decimals.usdz)
    );

    vm.label(address(tokenList.weth), 'WETH');
    vm.label(address(tokenList.usdx), 'USDX');
    vm.label(address(tokenList.dai), 'DAI');
    vm.label(address(tokenList.wbtc), 'WBTC');
    vm.label(address(tokenList.usdy), 'USDY');

    MAX_SUPPLY_AMOUNT_USDX = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.usdx.decimals();
    MAX_SUPPLY_AMOUNT_WETH = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.weth.decimals();
    MAX_SUPPLY_AMOUNT_DAI = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.dai.decimals();
    MAX_SUPPLY_AMOUNT_WBTC = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.wbtc.decimals();
    MAX_SUPPLY_AMOUNT_USDY = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.usdy.decimals();
    MAX_SUPPLY_AMOUNT_USDZ = MAX_SUPPLY_ASSET_UNITS * 10 ** tokenList.usdz.decimals();

    address[7] memory users = [
      alice,
      bob,
      carol,
      derl,
      LIQUIDATOR,
      TREASURY_ADMIN,
      POSITION_MANAGER
    ];

    address[4] memory spokes = [
      address(spoke1),
      address(spoke2),
      address(spoke3),
      address(treasurySpoke)
    ];

    for (uint256 x; x < users.length; ++x) {
      tokenList.usdx.mint(users[x], mintAmount_USDX);
      tokenList.dai.mint(users[x], mintAmount_DAI);
      tokenList.wbtc.mint(users[x], mintAmount_WBTC);
      tokenList.usdy.mint(users[x], mintAmount_USDY);
      tokenList.usdz.mint(users[x], mintAmount_USDZ);
      // deal(address(tokenList.weth), users[x], mintAmount_WETH);
      vm.deal(address(this), mintAmount_WETH);
      tokenList.weth.deposit{value: mintAmount_WETH}();
      tokenList.weth.transfer(users[x], mintAmount_WETH);

      vm.startPrank(users[x]);
      for (uint256 y; y < spokes.length; ++y) {
        tokenList.weth.approve(spokes[y], UINT256_MAX);
        tokenList.usdx.approve(spokes[y], UINT256_MAX);
        tokenList.dai.approve(spokes[y], UINT256_MAX);
        tokenList.wbtc.approve(spokes[y], UINT256_MAX);
        tokenList.usdy.approve(spokes[y], UINT256_MAX);
        tokenList.usdz.approve(spokes[y], UINT256_MAX);
      }
      vm.stopPrank();
    }
  }

  function spokeMintAndApprove() internal {
    uint256 spokeMintAmount_USDX = 100e6 * 10 ** tokenList.usdx.decimals();
    uint256 spokeMintAmount_DAI = 1e60;
    uint256 spokeMintAmount_WBTC = 100e6 * 10 ** tokenList.wbtc.decimals();
    uint256 spokeMintAmount_WETH = 100e6 * 10 ** tokenList.weth.decimals();
    uint256 spokeMintAmount_USDY = 100e6 * 10 ** tokenList.usdy.decimals();
    uint256 spokeMintAmount_USDZ = 100e6 * 10 ** tokenList.usdz.decimals();
    address[3] memory spokes = [address(spoke1), address(spoke2), address(spoke3)];

    for (uint256 x; x < spokes.length; ++x) {
      tokenList.usdx.mint(spokes[x], spokeMintAmount_USDX);
      tokenList.dai.mint(spokes[x], spokeMintAmount_DAI);
      tokenList.wbtc.mint(spokes[x], spokeMintAmount_WBTC);
      tokenList.usdy.mint(spokes[x], spokeMintAmount_USDY);
      tokenList.usdz.mint(spokes[x], spokeMintAmount_USDZ);
      deal(address(tokenList.weth), spokes[x], spokeMintAmount_WETH);

      vm.startPrank(spokes[x]);
      tokenList.weth.approve(address(hub1), UINT256_MAX);
      tokenList.usdx.approve(address(hub1), UINT256_MAX);
      tokenList.dai.approve(address(hub1), UINT256_MAX);
      tokenList.wbtc.approve(address(hub1), UINT256_MAX);
      tokenList.usdy.approve(address(hub1), UINT256_MAX);
      tokenList.usdz.approve(address(hub1), UINT256_MAX);
      vm.stopPrank();
    }
  }

  function configureTokenList() internal {
    IHub.SpokeConfig memory spokeConfig = IHub.SpokeConfig({
      active: true,
      paused: false,
      addCap: Constants.MAX_ALLOWED_SPOKE_CAP,
      drawCap: Constants.MAX_ALLOWED_SPOKE_CAP,
      riskPremiumThreshold: Constants.MAX_ALLOWED_COLLATERAL_RISK
    });

    bytes memory encodedIrData = abi.encode(
      IAssetInterestRateStrategy.InterestRateData({
        optimalUsageRatio: 90_00, // 90.00%
        baseVariableBorrowRate: 5_00, // 5.00%
        variableRateSlope1: 5_00, // 5.00%
        variableRateSlope2: 5_00 // 5.00%
      })
    );

    // Add all assets to the Hub
    vm.startPrank(ADMIN);
    // add WETH
    hub1.addAsset(
      address(tokenList.weth),
      tokenList.weth.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      wethAssetId,
      IHub.AssetConfig({
        liquidityFee: 10_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );
    // add USDX
    hub1.addAsset(
      address(tokenList.usdx),
      tokenList.usdx.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      usdxAssetId,
      IHub.AssetConfig({
        liquidityFee: 5_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );
    // add DAI
    hub1.addAsset(
      address(tokenList.dai),
      tokenList.dai.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      daiAssetId,
      IHub.AssetConfig({
        liquidityFee: 5_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );
    // add WBTC
    hub1.addAsset(
      address(tokenList.wbtc),
      tokenList.wbtc.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      wbtcAssetId,
      IHub.AssetConfig({
        liquidityFee: 10_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );
    // add USDY
    hub1.addAsset(
      address(tokenList.usdy),
      tokenList.usdy.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      usdyAssetId,
      IHub.AssetConfig({
        liquidityFee: 10_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );
    // add USDZ
    hub1.addAsset(
      address(tokenList.usdz),
      tokenList.usdz.decimals(),
      address(treasurySpoke),
      address(irStrategy),
      encodedIrData
    );
    hub1.updateAssetConfig(
      hub1.getAssetCount() - 1,
      IHub.AssetConfig({
        liquidityFee: 5_00,
        feeReceiver: address(treasurySpoke),
        irStrategy: address(irStrategy),
        reinvestmentController: address(0)
      }),
      new bytes(0)
    );

    // Liquidation configs
    spoke1.updateLiquidationConfig(
      ISpoke.LiquidationConfig({
        targetHealthFactor: 1.05e18,
        healthFactorForMaxBonus: 0.7e18,
        liquidationBonusFactor: 20_00
      })
    );
    spoke2.updateLiquidationConfig(
      ISpoke.LiquidationConfig({
        targetHealthFactor: 1.04e18,
        healthFactorForMaxBonus: 0.8e18,
        liquidationBonusFactor: 15_00
      })
    );
    spoke3.updateLiquidationConfig(
      ISpoke.LiquidationConfig({
        targetHealthFactor: 1.03e18,
        healthFactorForMaxBonus: 0.9e18,
        liquidationBonusFactor: 10_00
      })
    );

    // Spoke 1 reserve configs
    spokeInfo[spoke1].weth.reserveConfig = _getDefaultReserveConfig(15_00);
    spokeInfo[spoke1].weth.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 80_00,
      maxLiquidationBonus: 105_00,
      liquidationFee: 10_00
    });
    spokeInfo[spoke1].wbtc.reserveConfig = _getDefaultReserveConfig(15_00);
    spokeInfo[spoke1].wbtc.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 75_00,
      maxLiquidationBonus: 103_00,
      liquidationFee: 15_00
    });
    spokeInfo[spoke1].dai.reserveConfig = _getDefaultReserveConfig(20_00);
    spokeInfo[spoke1].dai.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 78_00,
      maxLiquidationBonus: 102_00,
      liquidationFee: 10_00
    });
    spokeInfo[spoke1].usdx.reserveConfig = _getDefaultReserveConfig(50_00);
    spokeInfo[spoke1].usdx.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 78_00,
      maxLiquidationBonus: 101_00,
      liquidationFee: 12_00
    });
    spokeInfo[spoke1].usdy.reserveConfig = _getDefaultReserveConfig(50_00);
    spokeInfo[spoke1].usdy.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 78_00,
      maxLiquidationBonus: 101_50,
      liquidationFee: 15_00
    });

    spokeInfo[spoke1].weth.reserveId = spoke1.addReserve(
      address(hub1),
      wethAssetId,
      _deployMockPriceFeed(spoke1, 2000e8),
      spokeInfo[spoke1].weth.reserveConfig,
      spokeInfo[spoke1].weth.dynReserveConfig
    );
    spokeInfo[spoke1].wbtc.reserveId = spoke1.addReserve(
      address(hub1),
      wbtcAssetId,
      _deployMockPriceFeed(spoke1, 50_000e8),
      spokeInfo[spoke1].wbtc.reserveConfig,
      spokeInfo[spoke1].wbtc.dynReserveConfig
    );
    spokeInfo[spoke1].dai.reserveId = spoke1.addReserve(
      address(hub1),
      daiAssetId,
      _deployMockPriceFeed(spoke1, 1e8),
      spokeInfo[spoke1].dai.reserveConfig,
      spokeInfo[spoke1].dai.dynReserveConfig
    );
    spokeInfo[spoke1].usdx.reserveId = spoke1.addReserve(
      address(hub1),
      usdxAssetId,
      _deployMockPriceFeed(spoke1, 1e8),
      spokeInfo[spoke1].usdx.reserveConfig,
      spokeInfo[spoke1].usdx.dynReserveConfig
    );
    spokeInfo[spoke1].usdy.reserveId = spoke1.addReserve(
      address(hub1),
      usdyAssetId,
      _deployMockPriceFeed(spoke1, 1e8),
      spokeInfo[spoke1].usdy.reserveConfig,
      spokeInfo[spoke1].usdy.dynReserveConfig
    );

    hub1.addSpoke(wethAssetId, address(spoke1), spokeConfig);
    hub1.addSpoke(wbtcAssetId, address(spoke1), spokeConfig);
    hub1.addSpoke(daiAssetId, address(spoke1), spokeConfig);
    hub1.addSpoke(usdxAssetId, address(spoke1), spokeConfig);
    hub1.addSpoke(usdyAssetId, address(spoke1), spokeConfig);

    // Spoke 2 reserve configs
    spokeInfo[spoke2].wbtc.reserveConfig = _getDefaultReserveConfig(0);
    spokeInfo[spoke2].wbtc.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 80_00,
      maxLiquidationBonus: 105_00,
      liquidationFee: 10_00
    });
    spokeInfo[spoke2].weth.reserveConfig = _getDefaultReserveConfig(10_00);
    spokeInfo[spoke2].weth.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 76_00,
      maxLiquidationBonus: 103_00,
      liquidationFee: 15_00
    });
    spokeInfo[spoke2].dai.reserveConfig = _getDefaultReserveConfig(20_00);
    spokeInfo[spoke2].dai.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 72_00,
      maxLiquidationBonus: 102_00,
      liquidationFee: 10_00
    });
    spokeInfo[spoke2].usdx.reserveConfig = _getDefaultReserveConfig(50_00);
    spokeInfo[spoke2].usdx.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 72_00,
      maxLiquidationBonus: 101_00,
      liquidationFee: 12_00
    });
    spokeInfo[spoke2].usdy.reserveConfig = _getDefaultReserveConfig(50_00);
    spokeInfo[spoke2].usdy.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 72_00,
      maxLiquidationBonus: 101_50,
      liquidationFee: 15_00
    });
    spokeInfo[spoke2].usdz.reserveConfig = _getDefaultReserveConfig(100_00);
    spokeInfo[spoke2].usdz.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 70_00,
      maxLiquidationBonus: 106_00,
      liquidationFee: 10_00
    });

    spokeInfo[spoke2].wbtc.reserveId = spoke2.addReserve(
      address(hub1),
      wbtcAssetId,
      _deployMockPriceFeed(spoke2, 50_000e8),
      spokeInfo[spoke2].wbtc.reserveConfig,
      spokeInfo[spoke2].wbtc.dynReserveConfig
    );
    spokeInfo[spoke2].weth.reserveId = spoke2.addReserve(
      address(hub1),
      wethAssetId,
      _deployMockPriceFeed(spoke2, 2000e8),
      spokeInfo[spoke2].weth.reserveConfig,
      spokeInfo[spoke2].weth.dynReserveConfig
    );
    spokeInfo[spoke2].dai.reserveId = spoke2.addReserve(
      address(hub1),
      daiAssetId,
      _deployMockPriceFeed(spoke2, 1e8),
      spokeInfo[spoke2].dai.reserveConfig,
      spokeInfo[spoke2].dai.dynReserveConfig
    );
    spokeInfo[spoke2].usdx.reserveId = spoke2.addReserve(
      address(hub1),
      usdxAssetId,
      _deployMockPriceFeed(spoke2, 1e8),
      spokeInfo[spoke2].usdx.reserveConfig,
      spokeInfo[spoke2].usdx.dynReserveConfig
    );
    spokeInfo[spoke2].usdy.reserveId = spoke2.addReserve(
      address(hub1),
      usdyAssetId,
      _deployMockPriceFeed(spoke2, 1e8),
      spokeInfo[spoke2].usdy.reserveConfig,
      spokeInfo[spoke2].usdy.dynReserveConfig
    );
    spokeInfo[spoke2].usdz.reserveId = spoke2.addReserve(
      address(hub1),
      usdzAssetId,
      _deployMockPriceFeed(spoke2, 1e8),
      spokeInfo[spoke2].usdz.reserveConfig,
      spokeInfo[spoke2].usdz.dynReserveConfig
    );

    hub1.addSpoke(wbtcAssetId, address(spoke2), spokeConfig);
    hub1.addSpoke(wethAssetId, address(spoke2), spokeConfig);
    hub1.addSpoke(daiAssetId, address(spoke2), spokeConfig);
    hub1.addSpoke(usdxAssetId, address(spoke2), spokeConfig);
    hub1.addSpoke(usdyAssetId, address(spoke2), spokeConfig);
    hub1.addSpoke(usdzAssetId, address(spoke2), spokeConfig);

    // Spoke 3 reserve configs
    spokeInfo[spoke3].dai.reserveConfig = _getDefaultReserveConfig(0);
    spokeInfo[spoke3].dai.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 75_00,
      maxLiquidationBonus: 104_00,
      liquidationFee: 11_00
    });
    spokeInfo[spoke3].usdx.reserveConfig = _getDefaultReserveConfig(10_00);
    spokeInfo[spoke3].usdx.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 75_00,
      maxLiquidationBonus: 103_00,
      liquidationFee: 15_00
    });
    spokeInfo[spoke3].weth.reserveConfig = _getDefaultReserveConfig(20_00);
    spokeInfo[spoke3].weth.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 79_00,
      maxLiquidationBonus: 102_00,
      liquidationFee: 10_00
    });
    spokeInfo[spoke3].wbtc.reserveConfig = _getDefaultReserveConfig(50_00);
    spokeInfo[spoke3].wbtc.dynReserveConfig = ISpoke.DynamicReserveConfig({
      collateralFactor: 77_00,
      maxLiquidationBonus: 101_00,
      liquidationFee: 12_00
    });

    spokeInfo[spoke3].dai.reserveId = spoke3.addReserve(
      address(hub1),
      daiAssetId,
      _deployMockPriceFeed(spoke3, 1e8),
      spokeInfo[spoke3].dai.reserveConfig,
      spokeInfo[spoke3].dai.dynReserveConfig
    );
    spokeInfo[spoke3].usdx.reserveId = spoke3.addReserve(
      address(hub1),
      usdxAssetId,
      _deployMockPriceFeed(spoke3, 1e8),
      spokeInfo[spoke3].usdx.reserveConfig,
      spokeInfo[spoke3].usdx.dynReserveConfig
    );
    spokeInfo[spoke3].weth.reserveId = spoke3.addReserve(
      address(hub1),
      wethAssetId,
      _deployMockPriceFeed(spoke3, 2000e8),
      spokeInfo[spoke3].weth.reserveConfig,
      spokeInfo[spoke3].weth.dynReserveConfig
    );
    spokeInfo[spoke3].wbtc.reserveId = spoke3.addReserve(
      address(hub1),
      wbtcAssetId,
      _deployMockPriceFeed(spoke3, 50_000e8),
      spokeInfo[spoke3].wbtc.reserveConfig,
      spokeInfo[spoke3].wbtc.dynReserveConfig
    );

    hub1.addSpoke(daiAssetId, address(spoke3), spokeConfig);
    hub1.addSpoke(usdxAssetId, address(spoke3), spokeConfig);
    hub1.addSpoke(wethAssetId, address(spoke3), spokeConfig);
    hub1.addSpoke(wbtcAssetId, address(spoke3), spokeConfig);

    vm.stopPrank();
  }

  /* @dev Configures Hub 2 with the following assetIds:
   * 0: WETH
   * 1: USDX
   * 2: DAI
   * 3: WBTC
   */
  function hub2Fixture() internal returns (IHub, AssetInterestRateStrategy) {
    IAccessManager accessManager2 = IAccessManager(address(new AccessManagerEnumerable(ADMIN)));
    IHub hub2 = new Hub(address(accessManager2));
    vm.label(address(hub2), 'Hub2');
    AssetInterestRateStrategy hub2IrStrategy = new AssetInterestRateStrategy(address(hub2));

    // Configure IR Strategy for hub 2
    bytes memory encodedIrData = abi.encode(
      IAssetInterestRateStrategy.InterestRateData({
        optimalUsageRatio: 90_00, // 90.00%
        baseVariableBorrowRate: 5_00, // 5.00%
        variableRateSlope1: 5_00, // 5.00%
        variableRateSlope2: 5_00 // 5.00%
      })
    );

    vm.startPrank(ADMIN);

    // Add assets to the second hub
    // Add WETH
    hub2.addAsset(
      address(tokenList.weth),
      tokenList.weth.decimals(),
      address(treasurySpoke),
      address(hub2IrStrategy),
      encodedIrData
    );

    // Add USDX
    hub2.addAsset(
      address(tokenList.usdx),
      tokenList.usdx.decimals(),
      address(treasurySpoke),
      address(hub2IrStrategy),
      encodedIrData
    );

    // Add DAI
    hub2.addAsset(
      address(tokenList.dai),
      tokenList.dai.decimals(),
      address(treasurySpoke),
      address(hub2IrStrategy),
      encodedIrData
    );

    // Add WBTC
    hub2.addAsset(
      address(tokenList.wbtc),
      tokenList.wbtc.decimals(),
      address(treasurySpoke),
      address(hub2IrStrategy),
      encodedIrData
    );
    vm.stopPrank();

    setUpRoles(hub2, spoke1, accessManager2);

    return (hub2, hub2IrStrategy);
  }

  /* @dev Configures Hub 3 with the following assetIds:
   * 0: DAI
   * 1: USDX
   * 2: WBTC
   * 3: WETH
   */
  function hub3Fixture() internal returns (IHub, AssetInterestRateStrategy) {
    IAccessManager accessManager3 = IAccessManager(address(new AccessManagerEnumerable(ADMIN)));
    IHub hub3 = new Hub(address(accessManager3));
    AssetInterestRateStrategy hub3IrStrategy = new AssetInterestRateStrategy(address(hub3));

    // Configure IR Strategy for hub 3
    bytes memory encodedIrData = abi.encode(
      IAssetInterestRateStrategy.InterestRateData({
        optimalUsageRatio: 90_00, // 90.00%
        baseVariableBorrowRate: 5_00, // 5.00%
        variableRateSlope1: 5_00, // 5.00%
        variableRateSlope2: 5_00 // 5.00%
      })
    );

    vm.startPrank(ADMIN);
    // Add DAI
    hub3.addAsset(
      address(tokenList.dai),
      tokenList.dai.decimals(),
      address(treasurySpoke),
      address(hub3IrStrategy),
      encodedIrData
    );

    // Add USDX
    hub3.addAsset(
      address(tokenList.usdx),
      tokenList.usdx.decimals(),
      address(treasurySpoke),
      address(hub3IrStrategy),
      encodedIrData
    );

    // Add WBTC
    hub3.addAsset(
      address(tokenList.wbtc),
      tokenList.wbtc.decimals(),
      address(treasurySpoke),
      address(hub3IrStrategy),
      encodedIrData
    );

    // Add WETH
    hub3.addAsset(
      address(tokenList.weth),
      tokenList.weth.decimals(),
      address(treasurySpoke),
      address(hub3IrStrategy),
      encodedIrData
    );

    vm.stopPrank();

    setUpRoles(hub3, spoke1, accessManager3);

    return (hub3, hub3IrStrategy);
  }

  function updateAssetFeeReceiver(
    IHub hub,
    uint256 assetId,
    address newFeeReceiver
  ) internal pausePrank {
    IHub.AssetConfig memory config = hub.getAssetConfig(assetId);
    config.feeReceiver = newFeeReceiver;

    vm.prank(HUB_ADMIN);
    hub.updateAssetConfig(assetId, config, new bytes(0));

    assertEq(hub.getAssetConfig(assetId), config);
  }

  function updateAssetReinvestmentController(
    IHub hub,
    uint256 assetId,
    address newReinvestmentController
  ) internal pausePrank {
    IHub.AssetConfig memory config = hub.getAssetConfig(assetId);
    config.reinvestmentController = newReinvestmentController;

    vm.prank(HUB_ADMIN);
    hub.updateAssetConfig(assetId, config, new bytes(0));

    assertEq(hub.getAssetConfig(assetId), config);
  }

  function updateReserveFrozenFlag(
    ISpoke spoke,
    uint256 reserveId,
    bool newFrozenFlag
  ) internal pausePrank {
    ISpoke.ReserveConfig memory config = spoke.getReserveConfig(reserveId);
    config.frozen = newFrozenFlag;

    vm.prank(SPOKE_ADMIN);
    spoke.updateReserveConfig(reserveId, config);

    assertEq(spoke.getReserveConfig(reserveId), config);
  }

  function _updateReservePausedFlag(
    ISpoke spoke,
    uint256 reserveId,
    bool paused
  ) internal pausePrank {
    ISpoke.ReserveConfig memory config = spoke.getReserveConfig(reserveId);
    config.paused = paused;

    vm.prank(SPOKE_ADMIN);
    spoke.updateReserveConfig(reserveId, config);

    assertEq(spoke.getReserveConfig(reserveId), config);
  }

  function _updateReserveReceiveSharesEnabledFlag(
    ISpoke spoke,
    uint256 reserveId,
    bool receiveSharesEnabled
  ) internal pausePrank {
    ISpoke.ReserveConfig memory config = spoke.getReserveConfig(reserveId);
    config.receiveSharesEnabled = receiveSharesEnabled;

    vm.prank(SPOKE_ADMIN);
    spoke.updateReserveConfig(reserveId, config);

    assertEq(spoke.getReserveConfig(reserveId), config);
  }

  function _updateLiquidationConfig(
    ISpoke spoke,
    ISpoke.LiquidationConfig memory config
  ) internal pausePrank {
    vm.prank(SPOKE_ADMIN);
    spoke.updateLiquidationConfig(config);

    assertEq(spoke.getLiquidationConfig(), config);
  }

  function _updateMaxLiquidationBonus(
    ISpoke spoke,
    uint256 reserveId,
    uint32 newMaxLiquidationBonus
  ) internal pausePrank returns (uint24) {
    ISpoke.DynamicReserveConfig memory config = _getLatestDynamicReserveConfig(spoke, reserveId);
    config.maxLiquidationBonus = newMaxLiquidationBonus;

    vm.prank(SPOKE_ADMIN);
    uint24 dynamicConfigKey = spoke.addDynamicReserveConfig(reserveId, config);

    assertEq(_getLatestDynamicReserveConfig(spoke, reserveId), config);
    return dynamicConfigKey;
  }

  function _updateLiquidationFee(
    ISpoke spoke,
    uint256 reserveId,
    uint16 newLiquidationFee
  ) internal pausePrank returns (uint24) {
    ISpoke.DynamicReserveConfig memory config = _getLatestDynamicReserveConfig(spoke, reserveId);
    config.liquidationFee = newLiquidationFee;

    vm.prank(SPOKE_ADMIN);
    uint24 dynamicConfigKey = spoke.addDynamicReserveConfig(reserveId, config);

    assertEq(_getLatestDynamicReserveConfig(spoke, reserveId), config);
    return dynamicConfigKey;
  }

  function _updateCollateralFactorAndLiquidationBonus(
    ISpoke spoke,
    uint256 reserveId,
    uint256 newCollateralFactor,
    uint256 newLiquidationBonus
  ) internal pausePrank returns (uint24) {
    ISpoke.DynamicReserveConfig memory config = _getLatestDynamicReserveConfig(spoke, reserveId);
    config.collateralFactor = newCollateralFactor.toUint16();
    config.maxLiquidationBonus = newLiquidationBonus.toUint32();

    vm.prank(SPOKE_ADMIN);
    uint24 dynamicConfigKey = spoke.addDynamicReserveConfig(reserveId, config);

    assertEq(_getLatestDynamicReserveConfig(spoke, reserveId), config);
    return dynamicConfigKey;
  }

  function _updateCollateralFactor(
    ISpoke spoke,
    uint256 reserveId,
    uint256 newCollateralFactor
  ) internal pausePrank returns (uint24) {
    ISpoke.DynamicReserveConfig memory config = _getLatestDynamicReserveConfig(spoke, reserveId);
    config.collateralFactor = newCollateralFactor.toUint16();
    vm.prank(SPOKE_ADMIN);
    uint24 dynamicConfigKey = spoke.addDynamicReserveConfig(reserveId, config);

    assertEq(_getLatestDynamicReserveConfig(spoke, reserveId), config);
    return dynamicConfigKey;
  }

  function _updateCollateralFactorAtKey(
    ISpoke spoke,
    uint256 reserveId,
    uint24 dynamicConfigKey,
    uint256 newCollateralFactor
  ) internal pausePrank {
    ISpoke.DynamicReserveConfig memory config = spoke.getDynamicReserveConfig(
      reserveId,
      dynamicConfigKey
    );
    config.collateralFactor = newCollateralFactor.toUint16();
    vm.prank(SPOKE_ADMIN);
    spoke.updateDynamicReserveConfig(reserveId, dynamicConfigKey, config);

    assertEq(_getLatestDynamicReserveConfig(spoke, reserveId), config);
  }

  function updateReserveBorrowableFlag(
    ISpoke spoke,
    uint256 reserveId,
    bool newBorrowable
  ) internal pausePrank {
    ISpoke.ReserveConfig memory config = spoke.getReserveConfig(reserveId);
    config.borrowable = newBorrowable;
    vm.prank(SPOKE_ADMIN);
    spoke.updateReserveConfig(reserveId, config);

    assertEq(spoke.getReserveConfig(reserveId), config);
  }

  function _updateCollateralRisk(
    ISpoke spoke,
    uint256 reserveId,
    uint24 newCollateralRisk
  ) internal pausePrank {
    ISpoke.ReserveConfig memory config = spoke.getReserveConfig(reserveId);
    config.collateralRisk = newCollateralRisk;
    vm.prank(SPOKE_ADMIN);
    spoke.updateReserveConfig(reserveId, config);

    assertEq(spoke.getReserveConfig(reserveId), config);
  }

  function updateLiquidityFee(IHub hub, uint256 assetId, uint256 liquidityFee) internal pausePrank {
    IHub.AssetConfig memory config = hub.getAssetConfig(assetId);
    config.liquidityFee = liquidityFee.toUint16();
    vm.prank(HUB_ADMIN);
    hub.updateAssetConfig(assetId, config, new bytes(0));

    assertEq(hub.getAssetConfig(assetId), config);
  }

  function _updateTargetHealthFactor(
    ISpoke spoke,
    uint128 newTargetHealthFactor
  ) internal pausePrank {
    ISpoke.LiquidationConfig memory liqConfig = spoke.getLiquidationConfig();
    liqConfig.targetHealthFactor = newTargetHealthFactor;
    vm.prank(SPOKE_ADMIN);
    spoke.updateLiquidationConfig(liqConfig);

    assertEq(spoke.getLiquidationConfig(), liqConfig);
  }

  function getTargetHealthFactor(ISpoke spoke) internal view returns (uint256) {
    ISpoke.LiquidationConfig memory liqConfig = spoke.getLiquidationConfig();
    return liqConfig.targetHealthFactor;
  }

  /// @dev pseudo random randomizer
  function randomizer(uint256 min, uint256 max) internal returns (uint256) {
    return vm.randomUint(min, max);
  }

  function _randomNonceKey() internal returns (uint192) {
    return uint192(vm.randomUint());
  }

  function _randomNonce() internal returns (uint64) {
    return uint64(vm.randomUint());
  }

  // assumes spoke has usdx supported
  function _usdxReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].usdx.reserveId;
  }

  // assumes spoke has usdy supported
  function _usdyReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].usdy.reserveId;
  }

  // assumes spoke has dai supported
  function _daiReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].dai.reserveId;
  }

  // assumes spoke has weth supported
  function _wethReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].weth.reserveId;
  }

  // assumes spoke has wbtc supported
  function _wbtcReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].wbtc.reserveId;
  }

  // assumes spoke has usdz supported
  function _usdzReserveId(ISpoke spoke) internal view returns (uint256) {
    return spokeInfo[spoke].usdz.reserveId;
  }

  function _updateSpokePaused(
    IHub hub,
    uint256 assetId,
    address spoke,
    bool paused
  ) internal pausePrank {
    IHub.SpokeConfig memory spokeConfig = hub.getSpokeConfig(assetId, spoke);
    spokeConfig.paused = paused;
    vm.prank(HUB_ADMIN);
    hub.updateSpokeConfig(assetId, spoke, spokeConfig);

    assertEq(hub.getSpokeConfig(assetId, spoke), spokeConfig);
  }

  function updateSpokeActive(
    IHub hub,
    uint256 assetId,
    address spoke,
    bool newActive
  ) internal pausePrank {
    IHub.SpokeConfig memory spokeConfig = hub.getSpokeConfig(assetId, spoke);
    spokeConfig.active = newActive;
    vm.prank(HUB_ADMIN);
    hub.updateSpokeConfig(assetId, spoke, spokeConfig);

    assertEq(hub.getSpokeConfig(assetId, spoke), spokeConfig);
  }

  function updateDrawCap(
    IHub hub,
    uint256 assetId,
    address spoke,
    uint40 newDrawCap
  ) internal pausePrank {
    IHub.SpokeConfig memory spokeConfig = hub.getSpokeConfig(assetId, spoke);
    spokeConfig.drawCap = newDrawCap;
    vm.prank(HUB_ADMIN);
    hub.updateSpokeConfig(assetId, spoke, spokeConfig);

    assertEq(hub.getSpokeConfig(assetId, spoke), spokeConfig);
  }

  function _updateSpokeRiskPremiumThreshold(
    IHub hub,
    uint256 assetId,
    address spoke,
    uint24 newRiskPremiumThreshold
  ) internal pausePrank {
    IHub.SpokeConfig memory spokeConfig = hub.getSpokeConfig(assetId, spoke);
    spokeConfig.riskPremiumThreshold = newRiskPremiumThreshold;
    vm.prank(HUB_ADMIN);
    hub.updateSpokeConfig(assetId, spoke, spokeConfig);

    assertEq(hub.getSpokeConfig(assetId, spoke), spokeConfig);
  }

  function getUserInfo(
    ISpoke spoke,
    address user,
    uint256 reserveId
  ) internal view returns (ISpoke.UserPosition memory) {
    return spoke.getUserPosition(reserveId, user);
  }

  function getUserDebt(
    ISpoke spoke,
    address user,
    uint256 reserveId
  ) internal view returns (Debts memory data) {
    (data.drawnDebt, data.premiumDebt) = spoke.getUserDebt(reserveId, user);
    data.totalDebt = data.drawnDebt + data.premiumDebt;
  }

  function _isUsingAsCollateral(
    ISpoke spoke,
    uint256 reserveId,
    address user
  ) internal view returns (bool) {
    (bool res, ) = spoke.getUserReserveStatus(reserveId, user);
    return res;
  }

  function _isBorrowing(
    ISpoke spoke,
    uint256 reserveId,
    address user
  ) internal view returns (bool) {
    (, bool res) = spoke.getUserReserveStatus(reserveId, user);
    return res;
  }

  function getReserveInfo(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (ISpoke.Reserve memory) {
    return spoke.getReserve(reserveId);
  }

  function _getReserveLastDynamicConfigKey(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (uint24) {
    return spoke.getReserve(reserveId).dynamicConfigKey;
  }

  function _getLatestDynamicReserveConfig(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (ISpoke.DynamicReserveConfig memory) {
    return
      spoke.getDynamicReserveConfig(reserveId, _getReserveLastDynamicConfigKey(spoke, reserveId));
  }

  function getSpokeInfo(
    uint256 assetId,
    address spoke
  ) internal view returns (IHub.SpokeData memory) {
    return hub1.getSpoke(assetId, spoke);
  }

  function getAssetInfo(uint256 assetId) internal view returns (IHub.Asset memory) {
    return hub1.getAsset(assetId);
  }

  function getAssetByReserveId(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (uint256, IERC20) {
    ISpoke.Reserve memory reserve = spoke.getReserve(reserveId);
    (address underlying, ) = reserve.hub.getAssetUnderlyingAndDecimals(reserve.assetId);
    return (reserve.assetId, IERC20(underlying));
  }

  function getAssetUnderlyingByReserveId(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (IERC20) {
    ISpoke.Reserve memory reserve = spoke.getReserve(reserveId);
    (address underlying, ) = reserve.hub.getAssetUnderlyingAndDecimals(reserve.assetId);
    return IERC20(underlying);
  }

  function getTotalWithdrawable(
    ISpoke spoke,
    uint256 reserveId,
    address user
  ) internal view returns (uint256) {
    return spoke.getUserSuppliedAssets(reserveId, user);
  }

  /// @dev Helper function to calculate asset amount corresponding to single added share
  function minimumAssetsPerAddedShare(IHub hub, uint256 assetId) internal view returns (uint256) {
    return hub.previewAddByShares(assetId, 1);
  }

  /// @dev Helper function to calculate asset amount corresponding to single drawn share
  function minimumAssetsPerDrawnShare(IHub hub, uint256 assetId) internal view returns (uint256) {
    return hub.previewRestoreByShares(assetId, 1);
  }

  /// @dev Helper function to calculate expected supplied assets based on amount to supply and current exchange rate
  /// taking potential donation into account
  function calculateEffectiveAddedAssets(
    uint256 assetsAmount,
    uint256 totalAddedAssets,
    uint256 totalAddedShares
  ) internal pure returns (uint256) {
    uint256 sharesAmount = assetsAmount.toSharesDown(totalAddedAssets, totalAddedShares);
    return
      sharesAmount.toAssetsDown(totalAddedAssets + assetsAmount, totalAddedShares + sharesAmount);
  }

  function getAddExRate(uint256 assetId) internal view returns (uint256) {
    return hub1.previewRemoveByShares(assetId, MAX_SUPPLY_AMOUNT);
  }

  function getDebtExRate(uint256 assetId) internal view returns (uint256) {
    return hub1.previewRestoreByShares(assetId, MAX_SUPPLY_AMOUNT);
  }

  function getAssetDrawnRate(IHub hub, uint256 assetId) internal view returns (uint256) {
    return hub.getAsset(assetId).drawnRate;
  }

  /// @dev Helper function to ensure supply exchange rate is monotonically increasing
  function _checkSupplyRateIncreasing(
    uint256 oldRate,
    uint256 newRate,
    string memory label
  ) internal pure {
    assertGe(newRate, oldRate, string.concat('supply rate monotonically increasing ', label));
  }

  function _checkDebtRateConstant(
    uint256 oldRate,
    uint256 newRate,
    string memory label
  ) internal pure {
    assertEq(newRate, oldRate, string.concat('debt rate should be constant ', label));
  }

  /// returns the USD value of the reserve normalized by it's decimals, in terms of WAD
  function _getValue(
    ISpoke spoke,
    uint256 reserveId,
    uint256 amount
  ) internal view returns (uint256) {
    return
      (amount * IPriceOracle(spoke.ORACLE()).getReservePrice(reserveId)).wadDivDown(
        10 ** _underlying(spoke, reserveId).decimals()
      );
  }

  /// returns the USD value of the reserve normalized by it's decimals, in terms of WAD
  function _getDebtValue(
    ISpoke spoke,
    uint256 reserveId,
    uint256 amount
  ) internal view returns (uint256) {
    return
      (amount * IPriceOracle(spoke.ORACLE()).getReservePrice(reserveId)).wadDivUp(
        10 ** _underlying(spoke, reserveId).decimals()
      );
  }

  /// @notice Convert 1 asset amount to equivalent amount in another asset.
  /// @notice Will contain precision loss due to conversion split into two steps.
  /// @return Converted amount of toAsset.
  function _convertAssetAmount(
    ISpoke spoke,
    uint256 reserveId,
    uint256 amount,
    uint256 toReserveId
  ) internal view returns (uint256) {
    return
      _convertValueToAmount(spoke, toReserveId, _convertAmountToValue(spoke, reserveId, amount));
  }

  /// @dev Helper function to calculate the amount of base and premium debt to restore
  // @return drawnRestored amount of drawn debt to restore
  // @return premiumRestored amount of premium debt to restore
  function _calculateExactRestoreAmount(
    uint256 drawn,
    uint256 premium,
    uint256 restoreAmount,
    uint256 assetId
  ) internal view returns (uint256, uint256) {
    if (restoreAmount <= premium) {
      return (0, restoreAmount);
    }
    uint256 drawnRestored = _min(drawn, restoreAmount - premium);
    // round drawn debt to nearest whole share
    drawnRestored = hub1.previewRestoreByShares(
      assetId,
      hub1.previewRestoreByAssets(assetId, drawnRestored)
    );
    return (drawnRestored, premium);
  }

  function _calculateExactRestoreAmount(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 repayAmount
  ) internal view returns (uint256 baseRestored, uint256 premiumRestored) {
    (uint256 userDrawnDebt, uint256 userPremiumDebt) = spoke.getUserDebt(reserveId, user);
    return
      _calculateExactRestoreAmount(
        userDrawnDebt,
        userPremiumDebt,
        repayAmount,
        _spokeAssetId(spoke, reserveId)
      );
  }

  function _calculateRestoreAmounts(
    uint256 restoreAmount,
    uint256 drawn,
    uint256 premium
  ) internal pure returns (uint256 baseAmount, uint256 premiumAmount) {
    if (restoreAmount <= premium) {
      return (0, restoreAmount);
    }

    return (drawn.min(restoreAmount - premium), premium);
  }

  function _calculateRestoreAmounts(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 repayAmount
  ) internal view returns (uint256 baseAmount, uint256 premiumAmount) {
    (uint256 userDrawnDebt, uint256 userPremiumDebt) = spoke.getUserDebt(reserveId, user);
    return _calculateRestoreAmounts(repayAmount, userDrawnDebt, userPremiumDebt);
  }

  function _getExpectedPremiumDelta(
    uint256 drawnIndex,
    uint256 oldPremiumShares,
    int256 oldPremiumOffsetRay,
    uint256 drawnShares,
    uint256 riskPremium,
    uint256 restoredPremiumRay
  ) internal pure returns (IHubBase.PremiumDelta memory) {
    uint256 premiumDebtRay = _calculatePremiumDebtRay(
      oldPremiumShares,
      oldPremiumOffsetRay,
      drawnIndex
    );

    uint256 newPremiumShares = drawnShares.percentMulUp(riskPremium);
    int256 newPremiumOffsetRay = _calculatePremiumAssetsRay(newPremiumShares, drawnIndex).signedSub(
      premiumDebtRay - restoredPremiumRay
    );

    return
      IHubBase.PremiumDelta({
        sharesDelta: newPremiumShares.toInt256() - oldPremiumShares.toInt256(),
        offsetRayDelta: newPremiumOffsetRay - oldPremiumOffsetRay,
        restoredPremiumRay: restoredPremiumRay
      });
  }

  function _getExpectedPremiumDelta(
    IHub hub,
    uint256 assetId,
    uint256 oldPremiumShares,
    int256 oldPremiumOffsetRay,
    uint256 drawnShares,
    uint256 riskPremium,
    uint256 restoredPremiumRay
  ) internal view returns (IHubBase.PremiumDelta memory) {
    return
      _getExpectedPremiumDelta({
        drawnIndex: hub.getAssetDrawnIndex(assetId),
        oldPremiumShares: oldPremiumShares,
        oldPremiumOffsetRay: oldPremiumOffsetRay,
        drawnShares: drawnShares,
        riskPremium: riskPremium,
        restoredPremiumRay: restoredPremiumRay
      });
  }

  function _getExpectedPremiumDelta(
    ISpoke spoke,
    address user,
    uint256 reserveId,
    uint256 repayAmount
  ) internal view virtual returns (IHubBase.PremiumDelta memory) {
    Debts memory userDebt = getUserDebt(spoke, user, reserveId);
    (, uint256 premiumAmountToRestore) = _calculateRestoreAmounts(
      repayAmount,
      userDebt.drawnDebt,
      userDebt.premiumDebt
    );

    ISpoke.UserPosition memory userPosition = spoke.getUserPosition(reserveId, user);
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    uint256 premiumDebtRay = _calculatePremiumDebtRay(
      hub1,
      assetId,
      userPosition.premiumShares,
      userPosition.premiumOffsetRay
    );

    uint256 restoredPremiumRay = (premiumAmountToRestore * WadRayMath.RAY).min(premiumDebtRay);

    return
      _getExpectedPremiumDelta({
        hub: hub1,
        assetId: assetId,
        oldPremiumShares: userPosition.premiumShares,
        oldPremiumOffsetRay: userPosition.premiumOffsetRay,
        drawnShares: 0, // risk premium is 0, so drawn shares do not matter here (otherwise they need to be updated with restored drawn shares amount)
        riskPremium: 0,
        restoredPremiumRay: restoredPremiumRay
      });
  }

  // in restore actions, premiumDelta is first reset to last user RP
  function _getExpectedPremiumDeltaForRestore(
    ISpoke spoke,
    address user,
    uint256 reserveId,
    uint256 repayAmount
  ) internal view virtual returns (IHubBase.PremiumDelta memory) {
    Debts memory userDebt = getUserDebt(spoke, user, reserveId);
    (uint256 drawnDebtToRestore, uint256 premiumAmountToRestore) = _calculateRestoreAmounts(
      repayAmount,
      userDebt.drawnDebt,
      userDebt.premiumDebt
    );

    {
      ISpoke.UserPosition memory userPosition = spoke.getUserPosition(reserveId, user);
      uint256 assetId = spoke.getReserve(reserveId).assetId;
      IHub hub = IHub(address(spoke.getReserve(reserveId).hub));
      uint256 premiumDebtRay = _calculatePremiumDebtRay(
        hub,
        assetId,
        userPosition.premiumShares,
        userPosition.premiumOffsetRay
      );

      uint256 restoredPremiumRay = (premiumAmountToRestore * WadRayMath.RAY).min(premiumDebtRay);
      uint256 restoredShares = drawnDebtToRestore.rayDivDown(hub.getAssetDrawnIndex(reserveId));
      uint256 riskPremium = _getUserLastRiskPremium(spoke, user);

      return
        _getExpectedPremiumDelta({
          hub: hub,
          assetId: assetId,
          oldPremiumShares: userPosition.premiumShares,
          oldPremiumOffsetRay: userPosition.premiumOffsetRay,
          drawnShares: userPosition.drawnShares - restoredShares,
          riskPremium: riskPremium,
          restoredPremiumRay: restoredPremiumRay
        });
    }
  }

  /// @dev Helper function to check consistent supplied amounts within accounting
  function _checkSuppliedAmounts(
    uint256 assetId,
    uint256 reserveId,
    ISpoke spoke,
    address user,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    uint256 expectedSuppliedShares = hub1.previewAddByAssets(assetId, expectedSuppliedAmount);
    assertEq(
      hub1.getAddedShares(assetId),
      expectedSuppliedShares,
      string(abi.encodePacked('asset supplied shares ', label))
    );
    assertEq(
      hub1.getAddedAssets(assetId) - _calculateBurntInterest(hub1, assetId),
      expectedSuppliedAmount,
      string(abi.encodePacked('asset supplied amount ', label))
    );
    assertEq(
      hub1.getSpokeAddedShares(assetId, address(spoke)),
      expectedSuppliedShares,
      string(abi.encodePacked('spoke supplied shares ', label))
    );
    assertEq(
      hub1.getSpokeAddedAssets(assetId, address(spoke)),
      expectedSuppliedAmount,
      string(abi.encodePacked('spoke supplied amount ', label))
    );
    assertEq(
      spoke.getReserveSuppliedShares(reserveId),
      expectedSuppliedShares,
      string(abi.encodePacked('reserve supplied shares ', label))
    );
    assertEq(
      spoke.getReserveSuppliedAssets(reserveId),
      expectedSuppliedAmount,
      string(abi.encodePacked('reserve supplied amount ', label))
    );
    assertEq(
      spoke.getUserSuppliedShares(reserveId, user),
      expectedSuppliedShares,
      string(abi.encodePacked('user supplied shares ', label))
    );
    assertEq(
      spoke.getUserSuppliedAssets(reserveId, user),
      expectedSuppliedAmount,
      string(abi.encodePacked('user supplied amount ', label))
    );
  }

  function _assertUserDebt(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 expectedDrawnDebt,
    uint256 expectedPremiumDebt,
    string memory label
  ) internal view {
    (uint256 actualDrawnDebt, uint256 actualPremiumDebt) = spoke.getUserDebt(reserveId, user);
    assertApproxEqAbs(
      actualDrawnDebt,
      expectedDrawnDebt,
      1,
      string.concat('user drawn debt ', label)
    );
    assertApproxEqAbs(
      actualPremiumDebt,
      expectedPremiumDebt,
      3,
      string.concat('user premium debt ', label)
    );
    assertApproxEqAbs(
      spoke.getUserTotalDebt(reserveId, user),
      expectedDrawnDebt + expectedPremiumDebt,
      3,
      string.concat('user total debt ', label)
    );
  }

  function _assertReserveDebt(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedDrawnDebt,
    uint256 expectedPremiumDebt,
    string memory label
  ) internal view {
    (uint256 actualDrawnDebt, uint256 actualPremiumDebt) = spoke.getReserveDebt(reserveId);
    assertApproxEqAbs(
      actualDrawnDebt,
      expectedDrawnDebt,
      1,
      string.concat('reserve drawn debt ', label)
    );
    assertApproxEqAbs(
      actualPremiumDebt,
      expectedPremiumDebt,
      3,
      string.concat('reserve premium debt ', label)
    );
    assertApproxEqAbs(
      spoke.getReserveTotalDebt(reserveId),
      expectedDrawnDebt + expectedPremiumDebt,
      3,
      string.concat('reserve total debt ', label)
    );
  }

  function _assertSpokeDebt(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedDrawnDebt,
    uint256 expectedPremiumDebt,
    string memory label
  ) internal view {
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    (uint256 actualDrawnDebt, uint256 actualPremiumDebt) = hub1.getSpokeOwed(
      assetId,
      address(spoke)
    );
    assertApproxEqAbs(
      actualDrawnDebt,
      expectedDrawnDebt,
      1,
      string.concat('spoke drawn debt ', label)
    );
    assertApproxEqAbs(
      actualPremiumDebt,
      expectedPremiumDebt,
      3,
      string.concat('spoke premium debt ', label)
    );
    assertApproxEqAbs(
      hub1.getSpokeTotalOwed(assetId, address(spoke)),
      expectedDrawnDebt + expectedPremiumDebt,
      3,
      string.concat('spoke total debt ', label)
    );
  }

  function _assertAssetDebt(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedDrawnDebt,
    uint256 expectedPremiumDebt,
    string memory label
  ) internal view {
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    (uint256 actualDrawnDebt, uint256 actualPremiumDebt) = hub1.getAssetOwed(assetId);
    assertApproxEqAbs(
      actualDrawnDebt,
      expectedDrawnDebt,
      1,
      string.concat('asset drawn debt ', label)
    );
    assertApproxEqAbs(
      actualPremiumDebt,
      expectedPremiumDebt,
      3,
      string.concat('asset premium debt ', label)
    );
    assertApproxEqAbs(
      hub1.getAssetTotalOwed(assetId),
      expectedDrawnDebt + expectedPremiumDebt,
      3,
      string.concat('asset total debt ', label)
    );
  }

  function _assertSingleUserProtocolDebt(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 expectedDrawnDebt,
    uint256 expectedPremiumDebt,
    string memory label
  ) internal view {
    _assertUserDebt(spoke, reserveId, user, expectedDrawnDebt, expectedPremiumDebt, label);

    _assertReserveDebt(spoke, reserveId, expectedDrawnDebt, expectedPremiumDebt, label);

    _assertSpokeDebt(spoke, reserveId, expectedDrawnDebt, expectedPremiumDebt, label);

    _assertAssetDebt(spoke, reserveId, expectedDrawnDebt, expectedPremiumDebt, label);
  }

  function _assertUserSupply(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    assertApproxEqAbs(
      spoke.getUserSuppliedAssets(reserveId, user),
      expectedSuppliedAmount,
      3,
      string.concat('user supplied amount ', label)
    );
  }

  function _assertReserveSupply(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    assertApproxEqAbs(
      spoke.getReserveSuppliedAssets(reserveId),
      expectedSuppliedAmount,
      3,
      string.concat('reserve supplied amount ', label)
    );
  }

  function _assertSpokeSupply(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    assertApproxEqAbs(
      hub1.getSpokeAddedAssets(assetId, address(spoke)),
      expectedSuppliedAmount,
      3,
      string.concat('spoke supplied amount ', label)
    );
  }

  function _assertAssetSupply(
    ISpoke spoke,
    uint256 reserveId,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    assertApproxEqAbs(
      hub1.getAddedAssets(assetId) - _calculateBurntInterest(hub1, assetId),
      expectedSuppliedAmount,
      3,
      string.concat('asset supplied amount ', label)
    );
  }

  function _assertSingleUserProtocolSupply(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 expectedSuppliedAmount,
    string memory label
  ) internal view {
    _assertUserSupply(spoke, reserveId, user, expectedSuppliedAmount, label);

    _assertReserveSupply(spoke, reserveId, expectedSuppliedAmount, label);

    _assertSpokeSupply(spoke, reserveId, expectedSuppliedAmount, label);

    _assertAssetSupply(spoke, reserveId, expectedSuppliedAmount, label);
  }

  function _convertAmountToValue(
    ISpoke spoke,
    uint256 reserveId,
    uint256 amount
  ) internal view returns (uint256) {
    return
      _convertAmountToValue(
        amount,
        IPriceOracle(spoke.ORACLE()).getReservePrice(reserveId),
        10 ** _underlying(spoke, reserveId).decimals()
      );
  }

  function _convertAmountToValue(
    uint256 amount,
    uint256 assetPrice,
    uint256 assetUnit
  ) internal pure returns (uint256) {
    return (amount * assetPrice).wadDivUp(assetUnit);
  }

  function _convertValueToAmount(
    ISpoke spoke,
    uint256 reserveId,
    uint256 valueAmount
  ) internal view returns (uint256) {
    return
      _convertValueToAmount(
        valueAmount,
        IPriceOracle(spoke.ORACLE()).getReservePrice(reserveId),
        10 ** _underlying(spoke, reserveId).decimals()
      );
  }

  function _convertValueToAmount(
    uint256 valueAmount,
    uint256 assetPrice,
    uint256 assetUnit
  ) internal pure returns (uint256) {
    return ((valueAmount * assetUnit) / assetPrice).fromWadDown();
  }

  /**
   * @notice Returns the required debt amount to ensure user position is ~ a certain health factor.
   * @param desiredHf The desired health factor to be at.
   */
  function _getRequiredDebtAmountForHf(
    ISpoke spoke,
    address user,
    uint256 reserveId,
    uint256 desiredHf
  ) internal view returns (uint256 requiredDebtAmount) {
    uint256 requiredDebtAmountValue = _getRequiredDebtValueForHf(spoke, user, desiredHf);
    return _convertValueToAmount(spoke, reserveId, requiredDebtAmountValue);
  }

  /**
   * @notice Returns the required debt in value terms to ensure user position is below a certain health factor.
   */
  function _getRequiredDebtValueForHf(
    ISpoke spoke,
    address user,
    uint256 desiredHf
  ) internal view returns (uint256 requiredDebtValue) {
    ISpoke.UserAccountData memory userAccountData = spoke.getUserAccountData(user);

    requiredDebtValue =
      userAccountData.totalCollateralValue.wadMulUp(userAccountData.avgCollateralFactor).wadDivUp(
        desiredHf
      ) -
      userAccountData.totalDebtValue;
  }

  function _getUserHealthFactor(ISpoke spoke, address user) internal view returns (uint256) {
    return spoke.getUserAccountData(user).healthFactor;
  }

  function _getUserLastRiskPremium(ISpoke spoke, address user) internal view returns (uint256) {
    return spoke.getUserLastRiskPremium(user);
  }

  function _getUserRiskPremium(ISpoke spoke, address user) internal view returns (uint256) {
    return spoke.getUserAccountData(user).riskPremium;
  }

  function _approxRelFromBps(uint256 bps) internal pure returns (uint256) {
    return (bps * 1e18) / 100_00;
  }

  function _min(uint256 a, uint256 b) internal pure returns (uint256) {
    return a < b ? a : b;
  }

  function _max(uint256 a, uint256 b) internal pure returns (uint256) {
    return a > b ? a : b;
  }

  function _getTargetHealthFactor(ISpoke spoke) internal view returns (uint128) {
    return spoke.getLiquidationConfig().targetHealthFactor;
  }

  function _calcMinimumCollAmount(
    ISpoke spoke,
    uint256 collReserveId,
    uint256 debtReserveId,
    uint256 debtAmount
  ) internal view returns (uint256) {
    if (debtAmount == 0) return 1;
    IPriceOracle oracle = IPriceOracle(spoke.ORACLE());
    ISpoke.Reserve memory collData = spoke.getReserve(collReserveId);
    ISpoke.DynamicReserveConfig memory collDynConf = _getLatestDynamicReserveConfig(
      spoke,
      collReserveId
    );

    uint256 collPrice = oracle.getReservePrice(collReserveId);
    uint256 collAssetUnits = 10 ** hub1.getAsset(collData.assetId).decimals;

    ISpoke.Reserve memory debtData = spoke.getReserve(debtReserveId);
    uint256 debtAssetUnits = 10 ** hub1.getAsset(debtData.assetId).decimals;
    uint256 debtPrice = oracle.getReservePrice(debtReserveId);

    uint256 normalizedDebtAmount = (debtAmount * debtPrice).wadDivDown(debtAssetUnits);
    uint256 normalizedCollPrice = collPrice.wadDivDown(collAssetUnits);

    return
      normalizedDebtAmount.wadDivUp(
        normalizedCollPrice.toWad().percentMulDown(collDynConf.collateralFactor)
      );
  }

  /// @dev Calculate expected debt index based on input params
  function _calculateExpectedDrawnIndex(
    uint256 initialDrawnIndex,
    uint96 borrowRate,
    uint40 startTime
  ) internal view returns (uint256) {
    return initialDrawnIndex.rayMulUp(MathUtils.calculateLinearInterest(borrowRate, startTime));
  }

  /// @dev Calculate expected debt index and drawn debt based on input params
  function calculateExpectedDebt(
    uint256 initialDrawnShares,
    uint256 initialDrawnIndex,
    uint96 borrowRate,
    uint40 startTime
  ) internal view returns (uint256 newDrawnIndex, uint256 newDrawnDebt) {
    newDrawnIndex = _calculateExpectedDrawnIndex(initialDrawnIndex, borrowRate, startTime);
    newDrawnDebt = initialDrawnShares.rayMulUp(newDrawnIndex);
  }

  /// @dev Calculate expected drawn debt based on specified borrow rate
  function _calculateExpectedDrawnDebt(
    uint256 initialDebt,
    uint96 borrowRate,
    uint40 startTime
  ) internal view returns (uint256) {
    return MathUtils.calculateLinearInterest(borrowRate, startTime).rayMulUp(initialDebt);
  }

  /// @dev Calculate expected premium debt based on change in drawn debt and user rp
  function _calculateExpectedPremiumDebt(
    uint256 initialDrawnDebt,
    uint256 currentDrawnDebt,
    uint256 userRiskPremium
  ) internal pure returns (uint256) {
    return (currentDrawnDebt - initialDrawnDebt).percentMulUp(userRiskPremium);
  }

  /// @dev Helper function to get asset drawn debt
  function getAssetDrawnDebt(uint256 assetId) internal view returns (uint256) {
    (uint256 drawn, ) = hub1.getAssetOwed(assetId);
    return drawn;
  }

  /// @dev Helper function to calculate burnt interest in assets terms (originated from virtual shares and assets)
  function _calculateBurntInterest(IHub hub, uint256 assetId) internal view returns (uint256) {
    return
      hub.getAddedAssets(assetId) - hub.previewRemoveByShares(assetId, hub.getAddedShares(assetId));
  }

  function _calculatePremiumDebt(
    IHub hub,
    uint256 assetId,
    uint256 premiumShares,
    int256 premiumOffsetRay
  ) internal view returns (uint256) {
    return _calculatePremiumDebtRay(hub, assetId, premiumShares, premiumOffsetRay).fromRayUp();
  }

  function _calculatePremiumDebtRay(
    IHub hub,
    uint256 assetId,
    uint256 premiumShares,
    int256 premiumOffsetRay
  ) internal view returns (uint256) {
    uint256 drawnIndex = hub.getAssetDrawnIndex(assetId);
    return _calculatePremiumDebtRay(premiumShares, premiumOffsetRay, drawnIndex);
  }

  function _calculatePremiumDebtRay(
    uint256 premiumShares,
    int256 premiumOffsetRay,
    uint256 drawnIndex
  ) internal pure returns (uint256) {
    return ((premiumShares * drawnIndex).toInt256() - premiumOffsetRay).toUint256();
  }

  function _calculatePremiumDebtRay(
    ISpoke spoke,
    uint256 reserveId,
    uint256 premiumShares,
    int256 premiumOffsetRay
  ) internal view returns (uint256) {
    IHub hub = _hub(spoke, reserveId);
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    return _calculatePremiumDebtRay(hub, assetId, premiumShares, premiumOffsetRay);
  }

  function _calculatePremiumDebtRay(
    ISpoke spoke,
    uint256 reserveId,
    address user
  ) internal view returns (uint256) {
    ISpoke.UserPosition memory userPosition = spoke.getUserPosition(reserveId, user);
    return
      _calculatePremiumDebtRay(
        spoke,
        reserveId,
        userPosition.premiumShares,
        userPosition.premiumOffsetRay
      );
  }

  function _calculatePremiumAssetsRay(
    uint256 premiumShares,
    uint256 drawnIndex
  ) internal pure returns (uint256) {
    return premiumShares * drawnIndex;
  }

  function _calculatePremiumAssetsRay(
    IHub hub,
    uint256 assetId,
    uint256 premiumShares
  ) internal view returns (uint256) {
    return _calculatePremiumAssetsRay(premiumShares, hub.getAssetDrawnIndex(assetId));
  }

  /// @dev Helper function to withdraw fees from the treasury spoke
  function _withdrawLiquidityFees(IHub hub, uint256 assetId, uint256 amount) internal {
    Utils.mintFeeShares(hub, assetId, ADMIN);
    uint256 fees = hub.getSpokeAddedAssets(assetId, address(treasurySpoke));

    if (amount > fees) {
      amount = fees;
    }
    if (amount == 0) {
      return; // nothing to withdraw
    }
    vm.prank(TREASURY_ADMIN);
    treasurySpoke.withdraw(assetId, amount, address(treasurySpoke));
  }

  function _assumeValidSupplier(address user) internal view {
    vm.assume(
      user != address(0) &&
        user != address(hub1) &&
        user != address(spoke1) &&
        user != address(spoke2) &&
        user != address(spoke3) &&
        user != _getProxyAdminAddress(address(spoke1)) &&
        user != _getProxyAdminAddress(address(spoke2)) &&
        user != _getProxyAdminAddress(address(spoke3))
    );
  }

  function _getAssetLiquidityFee(uint256 assetId) internal view returns (uint256) {
    return hub1.getAssetConfig(assetId).liquidityFee;
  }

  function _getFeeReceiver(IHub hub, uint256 assetId) internal view returns (address) {
    return hub.getAssetConfig(assetId).feeReceiver;
  }

  function _getFeeReceiver(ISpoke spoke, uint256 reserveId) internal view returns (address) {
    return _getFeeReceiver(_hub(spoke, reserveId), spoke.getReserve(reserveId).assetId);
  }

  function _getCollateralRisk(ISpoke spoke, uint256 reserveId) internal view returns (uint24) {
    return spoke.getReserveConfig(reserveId).collateralRisk;
  }

  function _getCollateralFactor(ISpoke spoke, uint256 reserveId) internal view returns (uint16) {
    return _getLatestDynamicReserveConfig(spoke, reserveId).collateralFactor;
  }

  function _getCollateralFactor(
    ISpoke spoke,
    uint256 reserveId,
    address user
  ) internal view returns (uint16) {
    uint24 dynamicConfigKey = spoke.getUserPosition(reserveId, user).dynamicConfigKey;
    return spoke.getDynamicReserveConfig(reserveId, dynamicConfigKey).collateralFactor;
  }

  function _getCollateralFactor(
    ISpoke spoke,
    function(ISpoke) internal view returns (uint256) reserveId
  ) internal view returns (uint16) {
    return _getLatestDynamicReserveConfig(spoke, reserveId(spoke)).collateralFactor;
  }

  function _hasRole(
    IAccessManager authority,
    uint64 role,
    address account
  ) internal view returns (bool) {
    (bool hasRole, ) = authority.hasRole(role, account);
    return hasRole;
  }

  function _randomBps() internal returns (uint16) {
    return vm.randomUint(0, PercentageMath.PERCENTAGE_FACTOR).toUint16();
  }

  function _hub(ISpoke spoke, uint256 reserveId) internal view returns (IHub) {
    return IHub(address(spoke.getReserve(reserveId).hub));
  }

  function _spokeAssetId(ISpoke spoke, uint256 reserveId) internal view returns (uint256) {
    return spoke.getReserve(reserveId).assetId;
  }

  function _underlying(ISpoke spoke, uint256 reserveId) internal view returns (TestnetERC20) {
    return TestnetERC20(spoke.getReserve(reserveId).underlying);
  }

  function _approveAllUnderlying(ISpoke spoke, address owner, address spender) internal {
    for (uint256 reserveId; reserveId < spoke.getReserveCount(); ++reserveId) {
      TestnetERC20 underlying = _underlying(spoke, reserveId);
      vm.prank(owner);
      underlying.approve(spender, UINT256_MAX);
    }
  }

  function _deploySpokeWithOracle(
    address /*proxyAdminOwner*/,
    address _accessManager,
    string memory _oracleDesc
  ) internal returns (ISpoke, IAaveOracle) {
    // address deployer = makeAddr('deployer');
    // address predictedSpoke = vm.computeCreateAddress(deployer, vm.getNonce(deployer));
    IAaveOracle oracle = new AaveOracle(address(1), 8, _oracleDesc);
    SpokeInstance spokeImpl = new SpokeInstance(address(oracle));
    spokeImpl.initialize(_accessManager);
    ISpoke spoke = ISpoke(
      spokeImpl
      // _proxify(
      //   deployer,
      //   spokeImpl,
      //   proxyAdminOwner,
      //   abi.encodeCall(Spoke.initialize, (_accessManager))
      // )
    );
    AaveOracle(address(oracle)).setSpoke(address(spoke));
    // assertEq(address(spoke), predictedSpoke, 'predictedSpoke');
    _assertEq(spoke.ORACLE(), address(oracle));
    _assertEq(oracle.SPOKE(), address(spoke));
    return (spoke, oracle);
  }

  function _getDefaultReserveConfig(
    uint24 collateralRisk
  ) internal pure returns (ISpoke.ReserveConfig memory) {
    return
      ISpoke.ReserveConfig({
        paused: false,
        frozen: false,
        borrowable: true,
        liquidatable: true,
        receiveSharesEnabled: true,
        collateralRisk: collateralRisk
      });
  }

  function _proxify(
    address deployer,
    address impl,
    address proxyAdminOwner,
    bytes memory initData
  ) internal returns (address) {
    vm.prank(deployer);
    TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy(
      impl,
      proxyAdminOwner,
      initData
    );
    return address(proxy);
  }

  function assertEq(IHubBase.PremiumDelta memory a, IHubBase.PremiumDelta memory b) internal pure {
    assertEq(a.sharesDelta, b.sharesDelta, 'sharesDelta');
    assertEq(a.offsetRayDelta, b.offsetRayDelta, 'offsetRayDelta');
    assertEq(a.restoredPremiumRay, b.restoredPremiumRay, 'restoredPremiumRay');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(IHub.AssetConfig memory a, IHub.AssetConfig memory b) internal pure {
    assertEq(a.feeReceiver, b.feeReceiver, 'feeReceiver');
    assertEq(a.liquidityFee, b.liquidityFee, 'liquidityFee');
    assertEq(a.irStrategy, b.irStrategy, 'irStrategy');
    assertEq(a.reinvestmentController, b.reinvestmentController, 'reinvestmentController');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(IHub.SpokeConfig memory a, IHub.SpokeConfig memory b) internal pure {
    assertEq(a.addCap, b.addCap, 'addCap');
    assertEq(a.drawCap, b.drawCap, 'drawCap');
    assertEq(a.riskPremiumThreshold, b.riskPremiumThreshold, 'riskPremiumThreshold');
    assertEq(a.active, b.active, 'active');
    assertEq(a.paused, b.paused, 'paused');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(
    ISpoke.LiquidationConfig memory a,
    ISpoke.LiquidationConfig memory b
  ) internal pure {
    assertEq(a.targetHealthFactor, b.targetHealthFactor, 'targetHealthFactor');
    assertEq(a.liquidationBonusFactor, b.liquidationBonusFactor, 'liquidationBonusFactor');
    assertEq(a.healthFactorForMaxBonus, b.healthFactorForMaxBonus, 'healthFactorForMaxBonus');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(ISpoke.ReserveConfig memory a, ISpoke.ReserveConfig memory b) internal pure {
    assertEq(a.paused, b.paused, 'paused');
    assertEq(a.frozen, b.frozen, 'frozen');
    assertEq(a.borrowable, b.borrowable, 'borrowable');
    assertEq(a.receiveSharesEnabled, b.receiveSharesEnabled, 'receiveSharesEnabled');
    assertEq(a.collateralRisk, b.collateralRisk, 'collateralRisk');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(
    ISpoke.DynamicReserveConfig memory a,
    ISpoke.DynamicReserveConfig memory b
  ) internal pure {
    assertEq(a.collateralFactor, b.collateralFactor, 'collateralFactor');
    assertEq(a.maxLiquidationBonus, b.maxLiquidationBonus, 'maxLiquidationBonus');
    assertEq(a.liquidationFee, b.liquidationFee, 'liquidationFee');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function assertEq(
    IAssetInterestRateStrategy.InterestRateData memory a,
    IAssetInterestRateStrategy.InterestRateData memory b
  ) internal pure {
    assertEq(a.optimalUsageRatio, b.optimalUsageRatio, 'optimalUsageRatio');
    assertEq(a.baseVariableBorrowRate, b.baseVariableBorrowRate, 'baseVariableBorrowRate');
    assertEq(a.variableRateSlope1, b.variableRateSlope1, 'variableRateSlope1');
    assertEq(a.variableRateSlope2, b.variableRateSlope2, 'variableRateSlope2');
    assertEq(abi.encode(a), abi.encode(b));
  }

  function _assertEq(address a, address b, string memory errorMessage) internal pure {
    if (a != b) {
      console.log('a', a);
      console.log('b', b);
      console.log('errorMessage', errorMessage);
    }
    require(a == b, errorMessage);
  }

  function _assertEq(address a, address b) internal pure {
    _assertEq(a, b, "address mismatch");
  }

  function _calculateExpectedFees(
    uint256 drawnIncrease,
    uint256 premiumIncrease,
    uint256 liquidityFee
  ) internal pure returns (uint256) {
    return (drawnIncrease + premiumIncrease).percentMulDown(liquidityFee);
  }

  function _calculateExpectedFeesAmount(
    uint256 initialDrawnShares,
    uint256 initialPremiumShares,
    uint256 liquidityFee,
    uint256 indexDelta
  ) internal pure returns (uint256 feesAmount) {
    return
      indexDelta.rayMulUp(initialDrawnShares + initialPremiumShares).percentMulDown(liquidityFee);
  }

  /// @dev Get the liquidation bonus for a given reserve at a user HF
  function _getLiquidationBonus(
    ISpoke spoke,
    uint256 reserveId,
    address user,
    uint256 healthFactor
  ) internal view returns (uint256) {
    return spoke.getLiquidationBonus(reserveId, user, healthFactor);
  }

  /**
   * @notice Returns the required debt amount in value terms to ensure user position is above a certain health factor.
   * @return requiredDebt The required additional debt amount in value terms.
   */
  function _getRequiredDebtForGtHf(
    ISpoke spoke,
    address user,
    uint256 desiredHf
  ) internal view returns (uint256) {
    ISpoke.UserAccountData memory userAccountData = spoke.getUserAccountData(user);

    return
      userAccountData
        .totalCollateralValue
        .percentMulDown(userAccountData.avgCollateralFactor.fromWadDown())
        .percentMulDown(99_00)
        .wadDivDown(desiredHf) - userAccountData.totalDebtValue;
    // buffer to force debt lower (ie making sure resultant debt creates HF that is gt desired)
  }

  /// @dev Borrow to be below a certain healthy health factor
  /// @dev This function validates HF and does not mock price, thus it will cache user RP properly
  function _borrowToBeAboveHealthyHf(
    ISpoke spoke,
    address user,
    uint256 reserveId,
    uint256 desiredHf
  ) internal returns (uint256, uint256) {
    uint256 requiredDebtInBase = _getRequiredDebtForGtHf(spoke, user, desiredHf);
    uint256 requiredDebtAmount = _convertValueToAmount(spoke, reserveId, requiredDebtInBase) - 1;

    vm.assume(requiredDebtAmount < MAX_SUPPLY_AMOUNT);

    vm.prank(user);
    spoke.borrow(reserveId, requiredDebtAmount, user);

    uint256 finalHf = _getUserHealthFactor(spoke, user);
    assertGt(finalHf, desiredHf, 'should borrow so that HF is above desiredHf');
    return (finalHf, requiredDebtAmount);
  }

  function _mockDecimals(address underlying, uint8 decimals) internal {
    vm.mockCall(
      underlying,
      abi.encodeWithSelector(IERC20Metadata.decimals.selector),
      abi.encode(decimals)
    );
  }

  function _mockInterestRateBps(uint256 interestRateBps) internal {
    _mockInterestRateBps(address(irStrategy), interestRateBps);
  }

  function _mockInterestRateBps(address interestRateStrategy, uint256 interestRateBps) internal {
    vm.mockCall(
      interestRateStrategy,
      IBasicInterestRateStrategy.calculateInterestRate.selector,
      abi.encode(interestRateBps.bpsToRay())
    );
  }

  function _mockInterestRateBps(
    uint256 interestRateBps,
    uint256 assetId,
    uint256 liquidity,
    uint256 drawn,
    uint256 deficit,
    uint256 swept
  ) internal {
    _mockInterestRateBps(
      address(irStrategy),
      interestRateBps,
      assetId,
      liquidity,
      drawn,
      deficit,
      swept
    );
  }

  function _mockInterestRateBps(
    address interestRateStrategy,
    uint256 interestRateBps,
    uint256 assetId,
    uint256 liquidity,
    uint256 drawn,
    uint256 deficit,
    uint256 swept
  ) internal {
    vm.mockCall(
      interestRateStrategy,
      abi.encodeCall(
        IBasicInterestRateStrategy.calculateInterestRate,
        (assetId, liquidity, drawn, deficit, swept)
      ),
      abi.encode(interestRateBps.bpsToRay())
    );
  }

  function _mockInterestRateRay(uint256 interestRateRay) internal {
    _mockInterestRateRay(address(irStrategy), interestRateRay);
  }

  function _mockInterestRateRay(address interestRateStrategy, uint256 interestRateRay) internal {
    vm.mockCall(
      interestRateStrategy,
      IBasicInterestRateStrategy.calculateInterestRate.selector,
      abi.encode(interestRateRay)
    );
  }

  function _mockInterestRateRay(
    uint256 interestRateRay,
    uint256 assetId,
    uint256 liquidity,
    uint256 drawn
  ) internal {
    _mockInterestRateRay(address(irStrategy), interestRateRay, assetId, liquidity, drawn, 0, 0);
  }

  function _mockInterestRateRay(
    address interestRateStrategy,
    uint256 interestRateRay,
    uint256 assetId,
    uint256 liquidity,
    uint256 drawn,
    uint256 deficit,
    uint256 swept
  ) internal {
    vm.mockCall(
      interestRateStrategy,
      abi.encodeCall(
        IBasicInterestRateStrategy.calculateInterestRate,
        (assetId, liquidity, drawn, deficit, swept)
      ),
      abi.encode(interestRateRay)
    );
  }

  function _mockReservePrice(ISpoke spoke, uint256 reserveId, uint256 price) internal {
    require(price > 0, 'mockReservePrice: price must be positive');
    AaveOracle oracle = AaveOracle(spoke.ORACLE());
    address mockPriceFeed = address(
      new MockPriceFeed(oracle.DECIMALS(), oracle.DESCRIPTION(), price)
    );
    vm.prank(address(ADMIN));
    spoke.updateReservePriceSource(reserveId, mockPriceFeed);
  }

  function _mockReservePriceByPercent(
    ISpoke spoke,
    uint256 reserveId,
    uint256 percentage
  ) internal {
    uint256 initialPrice = IPriceOracle(spoke.ORACLE()).getReservePrice(reserveId);
    uint256 newPrice = initialPrice.percentMulDown(percentage);
    _mockReservePrice(spoke, reserveId, newPrice);
  }

  function _deployMockPriceFeed(ISpoke spoke, uint256 price) internal returns (address) {
    AaveOracle oracle = AaveOracle(spoke.ORACLE());
    return address(new MockPriceFeed(oracle.DECIMALS(), oracle.DESCRIPTION(), price));
  }

  function _assertBorrowRateSynced(
    IHub targetHub,
    uint256 assetId,
    string memory operation
  ) internal view {
    IHub.Asset memory asset = targetHub.getAsset(assetId);
    (uint256 drawn, ) = hub1.getAssetOwed(assetId);

    vm.assertEq(
      asset.drawnRate,
      IBasicInterestRateStrategy(asset.irStrategy).calculateInterestRate(
        assetId,
        asset.liquidity,
        drawn,
        asset.deficitRay,
        asset.swept
      ),
      string.concat('base borrow rate after ', operation)
    );
  }

  function _assertHubLiquidity(IHub targetHub, uint256 assetId, string memory label) internal view {
    IHub.Asset memory asset = targetHub.getAsset(assetId);
    uint256 currentHubBalance = IERC20(asset.underlying).balanceOf(address(targetHub));
    assertEq(
      targetHub.getAssetLiquidity(assetId),
      currentHubBalance,
      string.concat('hub liquidity ', label)
    );
  }

  function _assertEventNotEmitted(bytes32 eventSignature) internal {
    Vm.Log[] memory entries = vm.getRecordedLogs();
    for (uint256 i; i < entries.length; i++) {
      assertNotEq(entries[i].topics[0], eventSignature);
    }
    vm.recordLogs();
  }

  function _assertEventsNotEmitted(bytes32 event1Sig, bytes32 event2Sig) internal {
    Vm.Log[] memory entries = vm.getRecordedLogs();
    for (uint256 i; i < entries.length; i++) {
      assertNotEq(entries[i].topics[0], event1Sig);
      assertNotEq(entries[i].topics[0], event2Sig);
    }
    vm.recordLogs();
  }

  function _assertEventsNotEmitted(
    bytes32 event1Sig,
    bytes32 event2Sig,
    bytes32 event3Sig
  ) internal {
    Vm.Log[] memory entries = vm.getRecordedLogs();
    for (uint256 i; i < entries.length; i++) {
      assertNotEq(entries[i].topics[0], event1Sig);
      assertNotEq(entries[i].topics[0], event2Sig);
      assertNotEq(entries[i].topics[0], event3Sig);
    }
    vm.recordLogs();
  }

  function _assertDynamicConfigRefreshEventsNotEmitted() internal {
    _assertEventsNotEmitted(
      ISpoke.RefreshAllUserDynamicConfig.selector,
      ISpoke.RefreshSingleUserDynamicConfig.selector
    );
  }

  // @dev Helper function to get asset position, valid if no time has passed since last action
  function getAssetPosition(
    IHub hub,
    uint256 assetId
  ) internal view returns (AssetPosition memory) {
    IHub.Asset memory assetData = hub.getAsset(assetId);
    (uint256 drawn, uint256 premium) = hub.getAssetOwed(assetId);
    return
      AssetPosition({
        assetId: assetId,
        liquidity: assetData.liquidity,
        addedShares: assetData.addedShares,
        addedAmount: hub.getAddedAssets(assetId) - _calculateBurntInterest(hub, assetId),
        drawnShares: assetData.drawnShares,
        drawn: drawn,
        premiumShares: assetData.premiumShares,
        premiumOffsetRay: assetData.premiumOffsetRay,
        premium: premium,
        lastUpdateTimestamp: assetData.lastUpdateTimestamp.toUint40(),
        drawnIndex: assetData.drawnIndex,
        drawnRate: assetData.drawnRate
      });
  }

  function getSpokePosition(
    ISpoke spoke,
    function(ISpoke) internal view returns (uint256) reserveIdFn
  ) internal view returns (SpokePosition memory) {
    return getSpokePosition(spoke, reserveIdFn(spoke));
  }

  function getSpokePosition(
    ISpoke spoke,
    uint256 reserveId
  ) internal view returns (SpokePosition memory) {
    uint256 assetId = spoke.getReserve(reserveId).assetId;
    IHub.SpokeData memory spokeData = hub1.getSpoke(assetId, address(spoke));
    (uint256 drawn, uint256 premium) = hub1.getSpokeOwed(assetId, address(spoke));
    return
      SpokePosition({
        reserveId: reserveId,
        assetId: assetId,
        addedShares: spokeData.addedShares,
        addedAmount: hub1.getSpokeAddedAssets(assetId, address(spoke)),
        drawnShares: spokeData.drawnShares,
        drawn: drawn,
        premiumShares: spokeData.premiumShares,
        premiumOffsetRay: spokeData.premiumOffsetRay,
        premium: premium
      });
  }

  function _getReserve(ISpoke spoke, uint256 reserveId) internal view returns (Reserve memory) {
    ISpoke.Reserve memory reserve = spoke.getReserve(reserveId);
    return
      Reserve({
        reserveId: reserveId,
        hub: _hub(spoke, reserveId),
        assetId: reserve.assetId,
        decimals: reserve.decimals,
        dynamicConfigKey: reserve.dynamicConfigKey,
        paused: reserve.flags.paused(),
        frozen: reserve.flags.frozen(),
        borrowable: reserve.flags.borrowable(),
        receiveSharesEnabled: reserve.flags.receiveSharesEnabled(),
        collateralRisk: reserve.collateralRisk
      });
  }

  function assertEq(SpokePosition memory a, AssetPosition memory b) internal pure {
    assertEq(a.assetId, b.assetId, 'assetId');
    assertEq(a.addedShares, b.addedShares, 'addedShares');
    assertEq(a.addedAmount, b.addedAmount, 'addedAmount');
    assertEq(a.drawnShares, b.drawnShares, 'drawnShares');
    assertEq(a.drawn, b.drawn, 'drawnDebt');
    assertEq(a.premiumShares, b.premiumShares, 'premiumShares');
    assertEq(a.premiumOffsetRay, b.premiumOffsetRay, 'premiumOffsetRay');
    assertEq(a.premium, b.premium, 'premium');
  }

  function assertEq(SpokePosition memory a, SpokePosition memory b) internal pure {
    assertEq(a.reserveId, b.reserveId, 'reserveId');
    assertEq(a.assetId, b.assetId, 'assetId');
    assertEq(a.addedShares, b.addedShares, 'addedShares');
    assertEq(a.addedAmount, b.addedAmount, 'addedAmount');
    assertEq(a.drawnShares, b.drawnShares, 'drawnShares');
    assertEq(a.drawn, b.drawn, 'drawn');
    assertEq(a.premiumShares, b.premiumShares, 'premiumShares');
    assertEq(a.premiumOffsetRay, b.premiumOffsetRay, 'premiumOffsetRay');
    assertEq(a.premium, b.premium, 'premium');
    assertEq(abi.encode(a), abi.encode(b)); // sanity check
  }

  modifier pausePrank() {
    (VmSafe.CallerMode callerMode, address msgSender, address txOrigin) = vm.readCallers();
    if (callerMode == VmSafe.CallerMode.RecurrentPrank) vm.stopPrank();
    _;
    if (callerMode == VmSafe.CallerMode.RecurrentPrank) vm.startPrank(msgSender, txOrigin);
  }

  function makeEntity(string memory id, bytes32 key) internal returns (address) {
    return makeAddr(string.concat(id, '-', vm.toString(uint256(key))));
  }

  function makeUser(uint256 i) internal returns (address) {
    return makeEntity('user', bytes32(i));
  }

  function makeUser() internal returns (address) {
    return makeEntity('user', vm.randomBytes8());
  }

  function makeSpoke() internal returns (address) {
    return makeEntity('spoke', vm.randomBytes8());
  }

  function _getTypedDataHash(
    TestnetERC20 token,
    EIP712Types.Permit memory permit
  ) internal view returns (bytes32) {
    return
      keccak256(
        abi.encodePacked(
          '\x19\x01',
          token.DOMAIN_SEPARATOR(),
          vm.eip712HashStruct('Permit', abi.encode(permit))
        )
      );
  }

  function _getTypedDataHash(
    ISpoke spoke,
    EIP712Types.SetUserPositionManager memory setUserPositionManager
  ) internal view returns (bytes32) {
    return
      keccak256(
        abi.encodePacked(
          '\x19\x01',
          spoke.DOMAIN_SEPARATOR(),
          vm.eip712HashStruct('SetUserPositionManager', abi.encode(setUserPositionManager))
        )
      );
  }

  /**
   * @dev Warps after to a random time after a randomly generated deadline.
   * @return The randomly generated deadline.
   */
  function _warpAfterRandomDeadline() internal returns (uint256) {
    uint256 deadline = vm.randomUint(0, MAX_SKIP_TIME - 1);
    vm.warp(vm.randomUint(deadline + 1, MAX_SKIP_TIME));
    return deadline;
  }

  /**
   * @dev Warps to a random time before a randomly generated deadline.
   * @return The randomly generated deadline.
   */
  function _warpBeforeRandomDeadline() internal returns (uint256) {
    uint256 deadline = vm.randomUint(1, MAX_SKIP_TIME);
    vm.warp(vm.randomUint(0, deadline - 1));
    return deadline;
  }

  /**
   * @dev Burns random nonces from 1 at the specified key lifetime.
   */
  function _burnRandomNoncesAtKey(
    INoncesKeyed verifier,
    address user,
    uint192 key
  ) internal returns (uint256) {
    uint256 currentKeyNonce = verifier.nonces(user, key);
    (, uint64 nonce) = _unpackNonce(currentKeyNonce);

    uint64 toBurn = vm.randomUint(1, 100).toUint64();
    for (uint256 i; i < toBurn; ++i) {
      vm.prank(user);
      verifier.useNonce(key);
    }
    uint256 newKeyNonce = _packNonce(key, nonce + toBurn);

    // doesn't work because of the assumption in StdStorage.checkSlotMutatesCall :(
    // stdstore
    //   .target(verifier)
    //   .sig(INoncesKeyed.nonces.selector)
    //   .with_key(user)
    //   .with_key(key)
    //   .checked_write(newNonce);

    assertEq(verifier.nonces(user, key), newKeyNonce);
    return newKeyNonce;
  }

  function _burnRandomNoncesAtKey(INoncesKeyed verifier, address user) internal returns (uint256) {
    return _burnRandomNoncesAtKey(verifier, user, _randomNonceKey());
  }

  function _getRandomInvalidNonceAtKey(
    INoncesKeyed verifier,
    address user,
    uint192 key
  ) internal returns (uint256) {
    (uint192 currentKey, uint64 currentNonce) = _unpackNonce(verifier.nonces(user, key));
    assertEq(currentKey, key);
    uint64 nonce = _randomNonce();
    while (currentNonce == nonce) nonce = _randomNonce();
    return _packNonce(key, nonce);
  }

  function _assertNonceIncrement(
    INoncesKeyed verifier,
    address who,
    uint256 prevKeyNonce
  ) internal view {
    (uint192 nonceKey, uint64 nonce) = _unpackNonce(prevKeyNonce);
    // prettier-ignore
    unchecked { ++nonce; }
    assertEq(verifier.nonces(who, nonceKey), _packNonce(nonceKey, nonce));
  }

  /// @dev Pack key and nonce into a keyNonce
  function _packNonce(uint192 key, uint64 nonce) internal pure returns (uint256) {
    return (uint256(key) << 64) | nonce;
  }

  /// @dev Unpack a keyNonce into its key and nonce components
  function _unpackNonce(uint256 keyNonce) internal pure returns (uint192 key, uint64 nonce) {
    return (uint192(keyNonce >> 64), uint64(keyNonce));
  }

  function _bpsToRay(uint256 bps) internal pure returns (uint256) {
    return (bps * WadRayMath.RAY) / PercentageMath.PERCENTAGE_FACTOR;
  }

  /// @dev Calculate expected fees based on previous drawn index
  function _calcUnrealizedFees(IHub hub, uint256 assetId) internal view returns (uint256) {
    IHub.Asset memory asset = hub.getAsset(assetId);
    uint256 previousIndex = asset.drawnIndex;
    uint256 drawnIndex = asset.drawnIndex.rayMulUp(
      MathUtils.calculateLinearInterest(asset.drawnRate, uint40(asset.lastUpdateTimestamp))
    );

    uint256 aggregatedOwedRayAfter = (((uint256(asset.drawnShares) + asset.premiumShares) *
      drawnIndex).toInt256() - asset.premiumOffsetRay).toUint256() + asset.deficitRay;
    uint256 aggregatedOwedRayBefore = (((uint256(asset.drawnShares) + asset.premiumShares) *
      previousIndex).toInt256() - asset.premiumOffsetRay).toUint256() + asset.deficitRay;

    return
      (aggregatedOwedRayAfter.fromRayUp() - aggregatedOwedRayBefore.fromRayUp()).percentMulDown(
        asset.liquidityFee
      );
  }

  function _getExpectedFeeReceiverAddedAssets(
    IHub hub,
    uint256 assetId
  ) internal view returns (uint256) {
    uint256 expectedFees = hub.getAsset(assetId).realizedFees + _calcUnrealizedFees(hub, assetId);
    assertEq(expectedFees, hub.getAssetAccruedFees(assetId), 'asset accrued fees');
    return hub.getSpokeAddedAssets(assetId, hub.getAsset(assetId).feeReceiver) + expectedFees;
  }

  function _getAddedAssetsWithFees(IHub hub, uint256 assetId) internal view returns (uint256) {
    return
      hub.getAddedAssets(assetId) +
      hub.getAsset(assetId).realizedFees +
      _calcUnrealizedFees(hub, assetId);
  }
}

15% tests/Constants.sol

Lines covered: 2 / 13 (15%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.0;

library Constants {
  /// @dev Hub Constants
  uint8 public constant MAX_ALLOWED_UNDERLYING_DECIMALS = 18;
  uint8 public constant MIN_ALLOWED_UNDERLYING_DECIMALS = 6;
  uint40 public constant MAX_ALLOWED_SPOKE_CAP = type(uint40).max;
  uint24 public constant MAX_RISK_PREMIUM_THRESHOLD = type(uint24).max; // 167772.15%

  /// @dev Spoke Constants
  uint8 public constant ORACLE_DECIMALS = 8;
  uint64 public constant HEALTH_FACTOR_LIQUIDATION_THRESHOLD = 1e18;
  uint256 public constant DUST_LIQUIDATION_THRESHOLD = 1000e26;
  uint24 public constant MAX_ALLOWED_COLLATERAL_RISK = 1000_00; // 1000.00%
  uint256 public constant MAX_ALLOWED_DYNAMIC_CONFIG_KEY = type(uint24).max;
  bytes32 public constant SET_USER_POSITION_MANAGER_TYPEHASH =
    // keccak256('SetUserPositionManager(address positionManager,address user,bool approve,uint256 nonce,uint256 deadline)')
    0x758d23a3c07218b7ea0b4f7f63903c4e9d5cbde72d3bcfe3e9896639025a0214;
  uint256 public constant MAX_ALLOWED_ASSET_ID = type(uint16).max;
}

66% tests/mocks/MockPriceFeed.sol

Lines covered: 10 / 15 (66%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.0;

import {AggregatorV3Interface} from 'src/dependencies/chainlink/AggregatorV3Interface.sol';

contract MockPriceFeed is AggregatorV3Interface {
  uint8 public immutable override decimals;
  string public override description;

  int256 private immutable _price;

  error OperationNotSupported();

  constructor(uint8 decimals_, string memory description_, uint256 price_) {
    decimals = decimals_;
    description = description_;
    _price = int256(price_);
  }

  function version() external pure override returns (uint256) {
    return 1;
  }

  function getRoundData(
    uint80
  ) external pure override returns (uint80, int256, uint256, uint256, uint80) {
    revert OperationNotSupported();
  }

  function latestRoundData()
    external
    view
    virtual
    override
    returns (
      uint80 roundId,
      int256 answer,
      uint256 startedAt,
      uint256 updatedAt,
      uint80 answeredInRound
    )
  {
    roundId = uint80(block.timestamp);
    answer = _price;
    startedAt = block.timestamp;
    updatedAt = block.timestamp;
    answeredInRound = roundId;
  }
}

33% tests/mocks/TestnetERC20.sol

Lines covered: 12 / 36 (33%)

// SPDX-License-Identifier: UNLICENSED
// Copyright (c) 2025 Aave Labs
pragma solidity ^0.8.0;

import {ERC20} from 'src/dependencies/openzeppelin/ERC20.sol';
import {IERC20Permit} from 'src/dependencies/openzeppelin/IERC20Permit.sol';

/**
 * @title TestnetERC20
 * @dev ERC20 minting logic
 */
contract TestnetERC20 is IERC20Permit, ERC20 {
  bytes public constant EIP712_REVISION = bytes('1');
  bytes32 internal constant EIP712_DOMAIN =
    keccak256('EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)');
  bytes32 public constant PERMIT_TYPEHASH =
    keccak256('Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)');

  // Map of address nonces (address => nonce)
  mapping(address => uint256) internal _nonces;

  bytes32 public DOMAIN_SEPARATOR;

  uint8 private _decimals;

  constructor(string memory name_, string memory symbol_, uint8 decimals_) ERC20(name_, symbol_) {
    uint256 chainId = block.chainid;

    DOMAIN_SEPARATOR = keccak256(
      abi.encode(
        EIP712_DOMAIN,
        keccak256(bytes(name_)),
        keccak256(EIP712_REVISION),
        chainId,
        address(this)
      )
    );
    _setupDecimals(decimals_);
  }

  /// @inheritdoc IERC20Permit
  function permit(
    address owner,
    address spender,
    uint256 value,
    uint256 deadline,
    uint8 v,
    bytes32 r,
    bytes32 s
  ) external override {
    require(owner != address(0), 'INVALID_OWNER');
    //solium-disable-next-line
    require(block.timestamp <= deadline, 'INVALID_EXPIRATION');
    uint256 currentValidNonce = _nonces[owner];
    bytes32 digest = keccak256(
      abi.encodePacked(
        '\x19\x01',
        DOMAIN_SEPARATOR,
        keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, currentValidNonce, deadline))
      )
    );
    require(owner == ecrecover(digest, v, r, s), 'INVALID_SIGNATURE');
    _nonces[owner] = currentValidNonce + 1;
    _approve(owner, spender, value);
  }

  /**
   * @dev Function to mint tokens
   * @param value The amount of tokens to mint.
   * @return A boolean that indicates if the operation was successful.
   */
  function mint(uint256 value) public virtual returns (bool) {
    _mint(_msgSender(), value);
    return true;
  }

  /**
   * @dev Function to mint tokens to address
   * @param account The account to mint tokens.
   * @param value The amount of tokens to mint.
   * @return A boolean that indicates if the operation was successful.
   */
  function mint(address account, uint256 value) public virtual returns (bool) {
    _mint(account, value);
    return true;
  }

  function nonces(address owner) public view returns (uint256) {
    return _nonces[owner];
  }

  function decimals() public view virtual override returns (uint8) {
    return _decimals;
  }

  /**
   * @dev Sets {decimals} to a value other than the default one of 18.
   *
   * WARNING: This function should only be called from the constructor. Most
   * applications that interact with token contracts will not expect
   * {decimals} to ever change, and may work incorrectly if it does.
   */
  function _setupDecimals(uint8 decimals_) internal {
    _decimals = decimals_;
  }
}

100% tests/recon/BeforeAfter.sol

Lines covered: 32 / 32 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {Setup} from "./Setup.sol";
import {ISpoke} from "src/spoke/interfaces/ISpoke.sol";
import {LiquidationLogic} from "src/spoke/libraries/LiquidationLogic.sol";


// ghost variables for tracking state variable values before and after function calls
abstract contract BeforeAfter is Setup {
    enum Operation {
        None,
        SetPrice
    }

    struct Vars {
        bool isAnyUserLiquidatable;
        Operation operation;
    }

    Vars internal _before;
    Vars internal _after;

    mapping(uint256 assetId => uint256 maxDrawnIndexSeen) internal ghost_maxDrawnIndexSeen;
    mapping(uint256 assetId => uint256 maxSupplySharePriceAssetsSeen) internal ghost_maxSupplySharePriceAssetsSeen;
    mapping(uint256 assetId => uint256 maxSupplySharePriceSharesSeen) internal ghost_maxSupplySharePriceSharesSeen;

    /// === MODIFIERS === ///
    /// Prank admin and actor
    
    modifier asAdmin {
        vm.startPrank(ADMIN);
        __before();
        _;
        __after();
        vm.stopPrank();
    }

    modifier asActor {
        vm.startPrank(address(_getActor()));
        __before();
        _;
        __after();
        vm.stopPrank();
    }

    function __before() internal {
        __snapshot(_before);
    }

    function __after() internal {
        __snapshot(_after);
    }

    function __snapshot(Vars storage vars) internal {
        vars.isAnyUserLiquidatable = false;
        vars.operation = Operation.None;

        address[] memory actors = _getActors();
        for(uint256 i = 0; i < actors.length; i++) {
            address actor = actors[i];
            ISpoke.UserAccountData memory actorAccountData = iSpoke.getUserAccountData(actor);
            vars.isAnyUserLiquidatable = vars.isAnyUserLiquidatable || (actorAccountData.healthFactor < LiquidationLogic.HEALTH_FACTOR_LIQUIDATION_THRESHOLD);
        }
    }

    function _updateMonotonicGhosts(uint256 assetId) internal {
        uint256 currentDrawnIndex = iHub.getAssetDrawnIndex(assetId);
        if (currentDrawnIndex > ghost_maxDrawnIndexSeen[assetId]) {
            ghost_maxDrawnIndexSeen[assetId] = currentDrawnIndex;
        }

        uint256 addedShares = iHub.getAddedShares(assetId);
        if (addedShares > 0) {
            uint256 addedAssets = iHub.getAddedAssets(assetId);
            uint256 maxAssets = ghost_maxSupplySharePriceAssetsSeen[assetId];
            uint256 maxShares = ghost_maxSupplySharePriceSharesSeen[assetId];
            if (maxShares == 0 || maxAssets * addedShares <= addedAssets * maxShares) {
                ghost_maxSupplySharePriceAssetsSeen[assetId] = addedAssets;
                ghost_maxSupplySharePriceSharesSeen[assetId] = addedShares;
            }
        }
    }
}

100% tests/recon/CryticTester.sol

Lines covered: 2 / 2 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {CryticAsserts} from "@chimera/CryticAsserts.sol";

import {TargetFunctions} from "./TargetFunctions.sol";

// echidna tests/recon/CryticTester.sol --contract CryticTester --config echidna.yaml --format text --workers 32 --test-limit 1000000000
// medusa fuzz
contract CryticTester is TargetFunctions, CryticAsserts {
    constructor() payable {
        setup();
    }
}

97% tests/recon/Properties.sol

Lines covered: 141 / 144 (97%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {Asserts} from "@chimera/Asserts.sol";
import {BeforeAfter} from "./BeforeAfter.sol";

/// @notice Invariants are written to support both Echidna property mode (bool) and optimization mode (int256).
/// @dev Default is property mode; to switch, run:
///      `sed -i '' -e 's/OPTIMIZATION_MODE = false/OPTIMIZATION_MODE = true/' -e 's/public returns (bool)/public returns (int256 maxViolation)/g' -e 's/return maxViolation <= 0;/return maxViolation;/g' tests/recon/Properties.sol`
///      This keeps the same invariant logic but changes the return type and value so fuzzers can optimize on a
///      signed percentage target where <= 0 is success and > 0 is a violation, while skipping assertions.
abstract contract Properties is BeforeAfter, Asserts {
    int256 internal constant PERCENT = int256(1e18);
    bool internal constant OPTIMIZATION_MODE = false;

    /// @dev Avoids Low likelihood scenarios in Audit Contest
    uint256 internal constant MIN_TOTAL_SUPPLIED = 1e6;

    string constant ASSERTION_LIQUIDATION_CALL_DOS = "!!! iSpoke_liquidationCall DoS";
    string constant ASSERTION_REPAY_DOS = "!!! iSpoke_repay DoS";
    string constant ASSERTION_SUPPLY_DOS = "!!! iSpoke_supply DoS";
    string constant ASSERTION_WITHDRAW_DOS = "!!! iSpoke_withdraw DoS";
    string constant ASSERTION_MINT_FEE_SHARES_PPS_CHANGE = "!!! iHub_mintFeeShares PPS change";
    string constant ASSERTION_CANARY = "!!! canary assertion";

    /// @dev Avoids invalidated issues by only implementing pre-vetted list of Audit Contest invariants
    /// @dev Reference https://audits.sherlock.xyz/contests/1209
    string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V0 =
        "Invariant 1: Total borrowed assets <= total supplied assets (v0)";
    string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V1 =
        "Invariant 1: Total borrowed assets <= total supplied assets (v1)";
    string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V2 =
        "Invariant 1: Total borrowed assets <= total supplied assets (v2)";
    string constant INVARIANT_2_TOTAL_BORROWED_SHARES_MATCHES_SPOKE_SUM =
        "Invariant 2: Total borrowed shares == sum of Spoke debt shares";
    string constant INVARIANT_3_HUB_ADDED_ASSETS_GREATER_THAN_SPOKE_SUM =
        "Invariant 3: Hub added assets >= sum of Spoke added assets (converted from shares)";
    string constant INVARIANT_4_HUB_ADDED_SHARES_MATCHES_SPOKE_SUM =
        "Invariant 4: Hub added shares == sum of Spoke added shares";
    string constant INVARIANT_5_SUPPLY_SHARE_PRICE_AND_DRAWN_INDEX_MONOTONIC =
        "Invariant 5: Supply share price and drawn index cannot decrease";

    /// @dev Add extra 'Holy grail' property
    string constant INVARIANT_HOLY_GRAIL_SHOULD_NOT_BECOME_LIQUIDATABLE =
        "Holy grail: Users should not become liquidatable except by price change";
    string constant INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE = "Canary invariant";

    function _relativeDiff(int256 diff, uint256 denom) internal pure returns (int256) {
        if (denom == 0) {
            if (diff == 0) {
                return 0;
            }
            return diff > 0 ? type(int256).max : type(int256).min;
        }
        return (diff * PERCENT) / int256(denom);
    }

    function _abs(int256 value) internal pure returns (int256) {
        return value < 0 ? -value : value;
    }

    /// @notice Invariant 1: Total borrowed assets <= total supplied assets (v0)
    /// @dev Uses definition assumed by the auditors
    function invariant_totalBorrowedLessThanSupplied_v0() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
            uint256 totalSupplied = iHub.getAddedShares(i);

            int256 diff = totalBorrowed >= totalSupplied
                ? int256(totalBorrowed - totalSupplied)
                : -int256(totalSupplied - totalBorrowed);
            int256 relativeDiff = _relativeDiff(diff, totalSupplied);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V0);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 1: Total borrowed assets <= total supplied assets (v1)
    /// @dev Uses definition provided by the protocol team
    function invariant_totalBorrowedLessThanSupplied_v1() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
            uint256 totalSupplied = iHub.previewRemoveByShares(i, iHub.getAddedShares(i)) + iHub.getAssetAccruedFees(i);

            if (totalSupplied <= MIN_TOTAL_SUPPLIED) {
                continue;
            }

            int256 diff = totalBorrowed >= totalSupplied
                ? int256(totalBorrowed - totalSupplied)
                : -int256(totalSupplied - totalBorrowed);
            int256 relativeDiff = _relativeDiff(diff, totalSupplied);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V1);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 1: Total borrowed assets <= total supplied assets (v2)
    /// @dev Uses definition provided by the protocol team with auditors fix
    function invariant_totalBorrowedLessThanSupplied_v2() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
            uint256 totalSupplied = iHub.getAddedAssets(i) + iHub.getAssetAccruedFees(i);

            if (totalSupplied <= MIN_TOTAL_SUPPLIED) {
                continue;
            }

            int256 diff = totalBorrowed >= totalSupplied
                ? int256(totalBorrowed - totalSupplied)
                : -int256(totalSupplied - totalBorrowed);
            int256 relativeDiff = _relativeDiff(diff, totalSupplied);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V2);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 2: Total borrowed shares == sum of Spoke debt shares
    function invariant_totalBorrowedSharesMatchesSpokeSum() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 hubDrawnShares = iHub.getAssetDrawnShares(i);
            uint256 spokesCount = iHub.getSpokeCount(i);

            uint256 sumSpokeDrawnShares = 0;
            for (uint256 j = 0; j < spokesCount; j++) {
                address spoke = iHub.getSpokeAddress(i, j);
                sumSpokeDrawnShares += iHub.getSpokeDrawnShares(i, spoke);
            }

            int256 diff = hubDrawnShares >= sumSpokeDrawnShares
                ? int256(hubDrawnShares - sumSpokeDrawnShares)
                : -int256(sumSpokeDrawnShares - hubDrawnShares);
            int256 relativeDiff = _relativeDiff(_abs(diff), sumSpokeDrawnShares);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_2_TOTAL_BORROWED_SHARES_MATCHES_SPOKE_SUM);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 3: Hub added assets >= sum of Spoke added assets (converted from shares)
    function invariant_hubAddedAssetsGreaterThanSpokeSum() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 addedShares = iHub.getAddedShares(i);
            uint256 hubAddedAssets = iHub.previewRemoveByShares(i, addedShares);
            uint256 spokesCount = iHub.getSpokeCount(i);

            uint256 sumSpokeAddedAssets = 0;
            for (uint256 j = 0; j < spokesCount; j++) {
                address spoke = iHub.getSpokeAddress(i, j);
                sumSpokeAddedAssets += iHub.getSpokeAddedAssets(i, spoke);
            }

            int256 diff = sumSpokeAddedAssets >= hubAddedAssets
                ? int256(sumSpokeAddedAssets - hubAddedAssets)
                : -int256(hubAddedAssets - sumSpokeAddedAssets);
            int256 relativeDiff = _relativeDiff(diff, sumSpokeAddedAssets);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_3_HUB_ADDED_ASSETS_GREATER_THAN_SPOKE_SUM);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 4: Hub added shares == sum of Spoke added shares
    function invariant_hubAddedSharesMatchesSpokeSum() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 hubAddedShares = iHub.getAddedShares(i);
            uint256 spokesCount = iHub.getSpokeCount(i);

            uint256 sumSpokeAddedShares = 0;
            for (uint256 j = 0; j < spokesCount; j++) {
                address spoke = iHub.getSpokeAddress(i, j);
                sumSpokeAddedShares += iHub.getSpokeAddedShares(i, spoke);
            }

            int256 diff = hubAddedShares >= sumSpokeAddedShares
                ? int256(hubAddedShares - sumSpokeAddedShares)
                : -int256(sumSpokeAddedShares - hubAddedShares);
            int256 relativeDiff = _relativeDiff(_abs(diff), sumSpokeAddedShares);
            if (relativeDiff > maxViolation) {
                maxViolation = relativeDiff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_4_HUB_ADDED_SHARES_MATCHES_SPOKE_SUM);
        }
        return maxViolation <= 0;
    }

    /// @notice Invariant 5: Supply share price and drawn index cannot decrease
    function invariant_supplySharePriceAndDrawnIndexMonotonic() public returns (bool) {
        uint256 assetCount = iHub.getAssetCount();
        int256 maxViolation = type(int256).min;

        for (uint256 i = 0; i < assetCount; i++) {
            uint256 currentDrawnIndex = iHub.getAssetDrawnIndex(i);
            uint256 maxDrawnIndexSeen = ghost_maxDrawnIndexSeen[i];

            if (maxDrawnIndexSeen > 0) {
                int256 diff = currentDrawnIndex >= maxDrawnIndexSeen
                    ? -int256(currentDrawnIndex - maxDrawnIndexSeen)
                    : int256(maxDrawnIndexSeen - currentDrawnIndex);
                int256 relativeDiff = _relativeDiff(diff, maxDrawnIndexSeen);
                if (relativeDiff > maxViolation) {
                    maxViolation = relativeDiff;
                }
            }

            uint256 addedShares = iHub.getAddedShares(i);
            if (addedShares > 0) {
                uint256 addedAssets = iHub.getAddedAssets(i);
                uint256 maxAssets = ghost_maxSupplySharePriceAssetsSeen[i];
                uint256 maxShares = ghost_maxSupplySharePriceSharesSeen[i];

                if (maxShares > 0) {
                    uint256 lhs = addedAssets * maxShares;
                    uint256 rhs = maxAssets * addedShares;
                    int256 diff = lhs >= rhs ? -int256(lhs - rhs) : int256(rhs - lhs);
                    int256 relativeDiff = _relativeDiff(diff, rhs);
                    if (relativeDiff > maxViolation) {
                        maxViolation = relativeDiff;
                    }
                }
            }

            _updateMonotonicGhosts(i);
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_5_SUPPLY_SHARE_PRICE_AND_DRAWN_INDEX_MONOTONIC);
        }
        return maxViolation <= 0;
    }

    /// @dev Reference https://www.certora.com/blog/the-holy-grail
    function invariant_shouldNotBecomeLiquidatable() public returns (bool) {
        int256 maxViolation = type(int256).min;
        if (_after.operation != Operation.SetPrice) {
            int256 diff = (_before.isAnyUserLiquidatable || !_after.isAnyUserLiquidatable) ? int256(0) : PERCENT;
            if (diff > maxViolation) {
                maxViolation = diff;
            }
        }
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_HOLY_GRAIL_SHOULD_NOT_BECOME_LIQUIDATABLE);
        }
        return maxViolation <= 0;
    }

    /// @dev Canary assertion helper. A failing input is expected to be discovered during fuzzing.
    function assert_canary_ASSERTION_CANARY(uint256 entropy) public {
        t(entropy > 0, ASSERTION_CANARY);
    }

    /// @dev Canary global invariant expected to fail immediately.
    function invariant_canary() public returns (bool) {
        int256 maxViolation = PERCENT;
        if (!OPTIMIZATION_MODE) {
            t(maxViolation <= 0, INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE);
        }
        return maxViolation <= 0;
    }
}

100% tests/recon/Setup.sol

Lines covered: 29 / 29 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

// Chimera deps
import {BaseSetup} from "@chimera/BaseSetup.sol";
import {vm} from "@chimera/Hevm.sol";

// Managers
import {ActorManager} from "@recon/ActorManager.sol";
import {AssetManager} from "@recon/AssetManager.sol";

// Helpers
import {Utils as ReconUtils} from "@recon/Utils.sol";

// Your deps
import "src/spoke/interfaces/IAaveOracle.sol";
import "src/hub/interfaces/IHub.sol";
import "src/spoke/interfaces/ISpoke.sol";

import "tests/Base.t.sol";

abstract contract Setup is BaseSetup, ActorManager, AssetManager, ReconUtils, Base {
    mapping(address underlying => uint256 maxAmount) internal _maxByUnderlying;

    IAaveOracle iAaveOracle;
    IHub iHub;
    ISpoke iSpoke;
    
    /// === Setup === ///
    /// This contains all calls to be performed in the tester constructor, both for Echidna and Foundry
    function setup() internal virtual override {
        deployFixtures();
        initEnvironment();

        iAaveOracle = oracle1;
        iHub = hub1;
        iSpoke = spoke1;

        _addAsset(address(tokenList.weth));
        _maxByUnderlying[address(tokenList.weth)] = 10e3 * 10 ** tokenList.weth.decimals();
        _addAsset(address(tokenList.usdx));
        _maxByUnderlying[address(tokenList.usdx)] = 100e3 * 10 ** tokenList.usdx.decimals();
        _addAsset(address(tokenList.dai));
        _maxByUnderlying[address(tokenList.dai)] = 100e3 * 10 ** tokenList.dai.decimals();
        _addAsset(address(tokenList.wbtc));
        _maxByUnderlying[address(tokenList.wbtc)] = 10e3 * 10 ** tokenList.wbtc.decimals();
        _addAsset(address(tokenList.usdy));
        _maxByUnderlying[address(tokenList.usdy)] = 100e3 * 10 ** tokenList.usdy.decimals();
        _addAsset(address(tokenList.usdz));
        _maxByUnderlying[address(tokenList.usdz)] = 100e3 * 10 ** tokenList.usdz.decimals();

        _switchAsset(0);

        _addActor(alice);
        _addActor(bob);
        _addActor(LIQUIDATOR);

        _switchActor(0);
    }

    /// === HELPERS === ///
    /// Get the max amount for a given reserve based on its underlying token decimals (avoids Low likelihood scenarios in Audit Contest)
    function _max(uint256 reserveId) internal view returns (uint256) {
        ISpoke.Reserve memory reserve = iSpoke.getReserve(reserveId);
        address underlying = reserve.underlying;
        uint256 maxAmount = _maxByUnderlying[underlying];
        require(maxAmount > 0, "Max not set for underlying");
        return maxAmount;
    }
}

100% tests/recon/targets/IAaveOracleTargets.sol

Lines covered: 17 / 17 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {BeforeAfter} from "../BeforeAfter.sol";
import {Properties} from "../Properties.sol";
// Chimera deps
import {vm} from "@chimera/Hevm.sol";

// Helpers
import {Panic} from "@recon/Panic.sol";

import "src/spoke/interfaces/IAaveOracle.sol";
import "src/dependencies/chainlink/AggregatorV3Interface.sol";
import "src/spoke/AaveOracle.sol";
import "tests/mocks/MockPriceFeed.sol";

abstract contract IAaveOracleTargets is
    BaseTargetFunctions,
    Properties
{
    /// Price can change by up to 100x or 1/100x (avoids Low likelihood scenarios in Audit Contest)
    uint256 private constant MAX_PRICE_CHANGE_FACTOR = 100;
    mapping(uint256 reserveId => uint256 originalPrice) private _originalPrices;
    /// CUSTOM TARGET FUNCTIONS - Add your own target functions here ///


    /// AUTO GENERATED TARGET FUNCTIONS - WARNING: DO NOT DELETE OR MODIFY THIS LINE ///

    function iAaveOracle_setReserveSource(uint256 reserveId, address source) private asActor {
        iAaveOracle.setReserveSource(reserveId, source);
    }

    function iAaveOracle_setPrice(uint256 reserveId, uint256 price) public asAdmin {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 0);

        reserveId = between(reserveId, 0, reserveCount - 1);

        uint256 basePrice = _getOriginalPrice(reserveId);

        price = between(price, basePrice / MAX_PRICE_CHANGE_FACTOR, basePrice * MAX_PRICE_CHANGE_FACTOR);
        AaveOracle oracle = AaveOracle(iSpoke.ORACLE());
        address mockPriceFeed = address(
            new MockPriceFeed(oracle.DECIMALS(), oracle.DESCRIPTION(), price)
        );
        iSpoke.updateReservePriceSource(reserveId, mockPriceFeed);
        _after.operation = Operation.SetPrice;
    }

    function _getOriginalPrice(uint256 reserveId) private returns (uint256 originalPrice) {
        originalPrice = _originalPrices[reserveId];
        if (originalPrice == 0) {
            (, int256 answer,,,) = AggregatorV3Interface(iAaveOracle.getReserveSource(reserveId)).latestRoundData();
            originalPrice = uint256(answer);
            _originalPrices[reserveId] = originalPrice;
        }
    }
}

100% tests/recon/targets/IHubTargets.sol

Lines covered: 32 / 32 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {BeforeAfter} from "../BeforeAfter.sol";
import {Properties} from "../Properties.sol";
// Chimera deps
import {vm} from "@chimera/Hevm.sol";

// Helpers
import {Panic} from "@recon/Panic.sol";

import "src/hub/interfaces/IHub.sol";
import "src/hub/interfaces/IAssetInterestRateStrategy.sol";

abstract contract IHubTargets is BaseTargetFunctions, Properties {
    /// CUSTOM TARGET FUNCTIONS - Add your own target functions here ///

    /// AUTO GENERATED TARGET FUNCTIONS - WARNING: DO NOT DELETE OR MODIFY THIS LINE ///

    function iHub_add(uint256 assetId, uint256 amount) private asActor {
        iHub.add(assetId, amount);
    }

    function iHub_addAsset(
        address underlying,
        uint8 decimals,
        address feeReceiver,
        address irStrategy,
        bytes memory irData
    ) private asActor {
        iHub.addAsset(underlying, decimals, feeReceiver, irStrategy, irData);
    }

    function iHub_addSpoke(uint256 assetId, address spoke, IHub.SpokeConfig memory params) private asActor {
        iHub.addSpoke(assetId, spoke, params);
    }

    function iHub_draw(uint256 assetId, uint256 amount, address to) private asActor {
        iHub.draw(assetId, amount, to);
    }

    function iHub_eliminateDeficit(uint256 assetId, uint256 amount, address spoke) private asActor {
        iHub.eliminateDeficit(assetId, amount, spoke);
    }

    function iHub_mintFeeShares_ASSERTION_MINT_FEE_SHARES_PPS_CHANGE(uint256 assetId) public asAdmin {
        uint256 assetCount = iHub.getAssetCount();
        require(assetCount > 0);

        assetId = between(assetId, 0, assetCount - 1);
        uint256 oldPPS = _pps(assetId);
        iHub.mintFeeShares(assetId);
        uint256 newPPS = _pps(assetId);

        uint256 diff = oldPPS > newPPS ? oldPPS - newPPS : newPPS - oldPPS;
        uint256 relativeDiff = (diff * 1e18) / oldPPS;

        lte(relativeDiff, 1, ASSERTION_MINT_FEE_SHARES_PPS_CHANGE);
    }

    function _pps(uint256 assetId) private view returns (uint256) {
        return iHub.getAddedAssets(assetId) * 1e18 / iHub.getAddedShares(assetId);
    }

    function iHub_payFeeShares(uint256 assetId, uint256 shares) private asActor {
        iHub.payFeeShares(assetId, shares);
    }

    function iHub_reclaim(uint256 assetId, uint256 amount) private asActor {
        iHub.reclaim(assetId, amount);
    }

    function iHub_refreshPremium(uint256 assetId, IHubBase.PremiumDelta memory premiumDelta) private asActor {
        iHub.refreshPremium(assetId, premiumDelta);
    }

    function iHub_remove(uint256 assetId, uint256 amount, address to) private asActor {
        iHub.remove(assetId, amount, to);
    }

    function iHub_reportDeficit(uint256 assetId, uint256 drawnAmount, IHubBase.PremiumDelta memory premiumDelta)
        private
        asActor
    {
        iHub.reportDeficit(assetId, drawnAmount, premiumDelta);
    }

    function iHub_restore(uint256 assetId, uint256 drawnAmount, IHubBase.PremiumDelta memory premiumDelta)
        private
        asActor
    {
        iHub.restore(assetId, drawnAmount, premiumDelta);
    }

    function iHub_setAuthority(address) private asActor {
        iHub.setAuthority(address(0));
    }

    function iHub_setInterestRateData(uint256 assetId, bytes memory irData) private asActor {
        iHub.setInterestRateData(assetId, irData);
    }

    function iHub_setInterestRateData(uint256 assetId, IAssetInterestRateStrategy.InterestRateData memory irData)
        public
        asAdmin
    {
        uint256 assetCount = iHub.getAssetCount();
        require(assetCount > 0);

        assetId = between(assetId, 0, assetCount - 1);
        iHub.setInterestRateData(assetId, abi.encode(irData));
    }

    function iHub_sweep(uint256 assetId, uint256 amount) private asActor {
        iHub.sweep(assetId, amount);
    }

    function iHub_transferShares(uint256 assetId, uint256 shares, address toSpoke) private asActor {
        iHub.transferShares(assetId, shares, toSpoke);
    }

    function iHub_updateAssetConfig(uint256 assetId, IHub.AssetConfig memory config, bytes memory irData)
        private
        asActor
    {
        iHub.updateAssetConfig(assetId, config, irData);
    }

    function iHub_updateAssetConfig(
        uint256 assetId,
        IHub.AssetConfig memory config,
        IAssetInterestRateStrategy.InterestRateData memory irData
    ) public asAdmin {
        uint256 assetCount = iHub.getAssetCount();
        require(assetCount > 0);

        assetId = between(assetId, 0, assetCount - 1);

        iHub.updateAssetConfig(assetId, config, abi.encode(irData));
    }

    function iHub_updateSpokeConfig(uint256 assetId, address spoke, IHub.SpokeConfig memory config) private asActor {
        iHub.updateSpokeConfig(assetId, spoke, config);
    }

    function iHub_updateSpokeConfig(uint256 assetId, uint256 spokeId, IHub.SpokeConfig memory config) public asAdmin {
        uint256 assetCount = iHub.getAssetCount();
        require(assetCount > 0);

        assetId = between(assetId, 0, assetCount - 1);

        uint256 spokeCount = iHub.getSpokeCount(assetId);
        require(spokeCount > 0);

        spokeId = between(spokeId, 0, spokeCount - 1);

        address spoke = iHub.getSpokeAddress(assetId, spokeId);
        iHub.updateSpokeConfig(assetId, spoke, config);
    }
}

100% tests/recon/targets/ISpokeTargets.sol

Lines covered: 117 / 117 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {BeforeAfter} from "../BeforeAfter.sol";
import {Properties} from "../Properties.sol";
// Chimera deps
import {vm} from "@chimera/Hevm.sol";

// Helpers
import {Panic} from "@recon/Panic.sol";

import "src/hub/interfaces/IHub.sol";
import "src/spoke/interfaces/ISpoke.sol";
import "src/spoke/interfaces/IAaveOracle.sol";
import "src/dependencies/openzeppelin/Ownable.sol";
import "src/dependencies/openzeppelin/IERC20Errors.sol";
import "src/dependencies/weth/WETH9.sol";
import "src/spoke/libraries/LiquidationLogic.sol";

abstract contract ISpokeTargets is BaseTargetFunctions, Properties {
    /// CUSTOM TARGET FUNCTIONS - Add your own target functions here ///

    /// AUTO GENERATED TARGET FUNCTIONS - WARNING: DO NOT DELETE OR MODIFY THIS LINE ///

    function iSpoke_addDynamicReserveConfig(uint256 reserveId, ISpoke.DynamicReserveConfig memory dynamicConfig)
        public
        asAdmin
    {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 0);

        reserveId = between(reserveId, 0, reserveCount - 1);
        iSpoke.addDynamicReserveConfig(reserveId, dynamicConfig);
    }

    function iSpoke_addReserve(
        address hub,
        uint256 assetId,
        address priceSource,
        ISpoke.ReserveConfig memory config,
        ISpoke.DynamicReserveConfig memory dynamicConfig
    ) private asActor {
        iSpoke.addReserve(hub, assetId, priceSource, config, dynamicConfig);
    }

    function iSpoke_borrow(uint256 reserveId, uint256 amount, address onBehalfOf) private asActor {
        iSpoke.borrow(reserveId, amount, onBehalfOf);
    }

    function iSpoke_borrow(uint256 reserveId, uint256 amount) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 0);

        reserveId = between(reserveId, 0, reserveCount - 1);
        amount = between(amount, 0, _max(reserveId));

        iSpoke.borrow(reserveId, amount, _getActor());
    }

    function iSpoke_liquidationCall(
        uint256 collateralReserveId,
        uint256 debtReserveId,
        address user,
        uint256 debtToCover,
        bool receiveShares
    ) private asActor {
        iSpoke.liquidationCall(collateralReserveId, debtReserveId, user, debtToCover, receiveShares);
    }

    function iSpoke_liquidationCall_ASSERTION_LIQUIDATION_CALL_DOS(uint256 collateralReserveId, uint256 debtReserveId, uint256 userId, uint256 debtToCover, bool receiveShares) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 1);
        address[] memory actors = _getActors();
        require(actors.length > 0);

        collateralReserveId = between(collateralReserveId, 0, reserveCount - 1);
        debtReserveId = between(debtReserveId, 0, reserveCount - 1);
        debtToCover = between(debtToCover, 0, _max(debtReserveId));
        userId = between(userId, 0, actors.length - 1);
        address user = actors[userId];

        try iSpoke.liquidationCall(collateralReserveId, debtReserveId, user, debtToCover, receiveShares) {}
        catch (bytes memory err) {
            t(
                bytes4(err) == ISpoke.ReserveNotListed.selector || bytes4(err) == ISpoke.SelfLiquidation.selector
                    || bytes4(err) == ISpoke.InvalidDebtToCover.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientAllowance.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientBalance.selector
                    || bytes4(err) == WETH9.InsufficientAllowance.selector
                    || bytes4(err) == WETH9.InsufficientBalance.selector || bytes4(err) == ISpoke.ReservePaused.selector
                    || bytes4(err) == ISpoke.ReserveNotSupplied.selector
                    || bytes4(err) == ISpoke.ReserveNotBorrowed.selector
                    || bytes4(err) == ISpoke.CollateralCannotBeLiquidated.selector
                    || bytes4(err) == ISpoke.HealthFactorNotBelowThreshold.selector
                    || bytes4(err) == ISpoke.ReserveNotEnabledAsCollateral.selector
                    || bytes4(err) == ISpoke.CannotReceiveShares.selector || bytes4(err) == ISpoke.MustNotLeaveDust.selector
                    || bytes4(err) == IHub.InvalidAmount.selector || bytes4(err) == IHub.SpokeNotActive.selector
                    || bytes4(err) == IHub.SpokePaused.selector
                    || (bytes4(err) == IHub.InsufficientLiquidity.selector && !receiveShares)
                    || bytes4(err) == IAaveOracle.InvalidPrice.selector,
                ASSERTION_LIQUIDATION_CALL_DOS
            );
            require(false);
        }
    }

    function iSpoke_multicall(bytes[] memory data) private asActor {
        iSpoke.multicall(data);
    }

    function iSpoke_permitReserve(
        uint256 reserveId,
        address onBehalfOf,
        uint256 value,
        uint256 deadline,
        uint8 permitV,
        bytes32 permitR,
        bytes32 permitS
    ) private asActor {
        iSpoke.permitReserve(reserveId, onBehalfOf, value, deadline, permitV, permitR, permitS);
    }

    function iSpoke_renouncePositionManagerRole(address user) private asActor {
        iSpoke.renouncePositionManagerRole(user);
    }

    function iSpoke_repay(uint256 reserveId, uint256 amount, address onBehalfOf) private asActor {
        iSpoke.repay(reserveId, amount, onBehalfOf);
    }

    function iSpoke_repay_ASSERTION_REPAY_DOS(uint256 reserveId, uint256 amount) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 1);

        reserveId = between(reserveId, 0, reserveCount - 1);
        amount = between(amount, 0, _max(reserveId));

        uint256 value0;
        uint256 value1;
        try iSpoke.repay(reserveId, amount, _getActor()) returns (uint256 tempValue0, uint256 tempValue1) {
            value0 = tempValue0;
            value1 = tempValue1;
        } catch (bytes memory err) {
            t(
                bytes4(err) == ISpoke.Unauthorized.selector || bytes4(err) == ISpoke.ReserveNotListed.selector
                    || bytes4(err) == ISpoke.ReservePaused.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientAllowance.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientBalance.selector
                    || bytes4(err) == WETH9.InsufficientAllowance.selector
                    || bytes4(err) == WETH9.InsufficientBalance.selector || bytes4(err) == IHub.InvalidAmount.selector
                    || bytes4(err) == IHub.SpokeNotActive.selector || bytes4(err) == IHub.SpokePaused.selector
                    || bytes4(err) == IHub.SurplusDrawnRestored.selector
                    || bytes4(err) == IHub.SurplusPremiumRayRestored.selector
                    || bytes4(err) == IAaveOracle.InvalidPrice.selector,
                ASSERTION_REPAY_DOS
            );
            require(false);
        }
    }

    function iSpoke_setAuthority(address) private asActor {
        iSpoke.setAuthority(address(0));
    }

    function iSpoke_setUserPositionManager(address positionManager, bool approve) private asActor {
        iSpoke.setUserPositionManager(positionManager, approve);
    }

    function iSpoke_setUserPositionManagerWithSig(
        address positionManager,
        address user,
        bool approve,
        uint256 nonce,
        uint256 deadline,
        bytes memory signature
    ) private asActor {
        iSpoke.setUserPositionManagerWithSig(positionManager, user, approve, nonce, deadline, signature);
    }

    function iSpoke_setUsingAsCollateral(uint256 reserveId, bool usingAsCollateral, address onBehalfOf)
        private
        asActor
    {
        iSpoke.setUsingAsCollateral(reserveId, usingAsCollateral, onBehalfOf);
    }

    function iSpoke_setUsingAsCollateral(uint256 reserveId, bool usingAsCollateral) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 1);

        reserveId = between(reserveId, 0, reserveCount - 1);
        iSpoke.setUsingAsCollateral(reserveId, usingAsCollateral, _getActor());
    }

    function iSpoke_supply(uint256 reserveId, uint256 amount, address onBehalfOf) private asActor {
        iSpoke.supply(reserveId, amount, onBehalfOf);
    }

    function iSpoke_supply_ASSERTION_SUPPLY_DOS(uint256 reserveId, uint256 amount) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 1);

        reserveId = between(reserveId, 0, reserveCount - 1);
        amount = between(amount, 0, _max(reserveId));

        uint256 value0;
        uint256 value1;
        try iSpoke.supply(reserveId, amount, _getActor()) returns (uint256 tempValue0, uint256 tempValue1) {
            value0 = tempValue0;
            value1 = tempValue1;
        } catch (bytes memory err) {
            t(
                bytes4(err) == ISpoke.ReserveNotListed.selector || bytes4(err) == ISpoke.ReservePaused.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientAllowance.selector
                    || bytes4(err) == IERC20Errors.ERC20InsufficientBalance.selector
                    || bytes4(err) == WETH9.InsufficientAllowance.selector
                    || bytes4(err) == WETH9.InsufficientBalance.selector || bytes4(err) == ISpoke.ReserveFrozen.selector
                    || bytes4(err) == IHub.InvalidShares.selector || bytes4(err) == IHub.InvalidAmount.selector
                    || bytes4(err) == IHub.SpokeNotActive.selector || bytes4(err) == IHub.AddCapExceeded.selector
                    || bytes4(err) == IHub.SpokePaused.selector,
                ASSERTION_SUPPLY_DOS
            );
            require(false);
        }
    }

    function iSpoke_updateDynamicReserveConfig(
        uint256 reserveId,
        uint24 dynamicConfigKey,
        ISpoke.DynamicReserveConfig memory dynamicConfig
    ) public asAdmin {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 0);

        reserveId = between(reserveId, 0, reserveCount - 1);

        dynamicConfigKey = uint24(between(dynamicConfigKey, 0, uint256(iSpoke.getReserve(reserveId).dynamicConfigKey)));
        iSpoke.updateDynamicReserveConfig(reserveId, dynamicConfigKey, dynamicConfig);
    }

    function iSpoke_updateLiquidationConfig(ISpoke.LiquidationConfig memory config) public asAdmin {
        iSpoke.updateLiquidationConfig(config);
    }

    function iSpoke_updatePositionManager(address positionManager, bool active) private asActor {
        iSpoke.updatePositionManager(positionManager, active);
    }

    function iSpoke_updateReserveConfig(uint256 reserveId, ISpoke.ReserveConfig memory params) public asAdmin {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 0);

        reserveId = between(reserveId, 0, reserveCount - 1);
        iSpoke.updateReserveConfig(reserveId, params);
    }

    function iSpoke_updateReservePriceSource(uint256 reserveId, address priceSource) private asActor {
        iSpoke.updateReservePriceSource(reserveId, priceSource);
    }

    function iSpoke_updateUserDynamicConfig(address onBehalfOf) private asActor {
        iSpoke.updateUserDynamicConfig(onBehalfOf);
    }

    function iSpoke_updateUserDynamicConfig() public asActor {
        iSpoke.updateUserDynamicConfig(_getActor());
    }

    function iSpoke_updateUserRiskPremium(address onBehalfOf) private asActor {
        iSpoke.updateUserRiskPremium(onBehalfOf);
    }

    function iSpoke_updateUserRiskPremium() public asActor {
        iSpoke.updateUserRiskPremium(_getActor());
    }

    function iSpoke_useNonce(uint192 key) private asActor {
        iSpoke.useNonce(key);
    }

    function iSpoke_withdraw(uint256 reserveId, uint256 amount, address onBehalfOf) private asActor {
        iSpoke.withdraw(reserveId, amount, onBehalfOf);
    }

    function iSpoke_withdraw_ASSERTION_WITHDRAW_DOS(uint256 reserveId, uint256 amount) public asActor {
        uint256 reserveCount = iSpoke.getReserveCount();
        require(reserveCount > 1);

        reserveId = between(reserveId, 0, reserveCount - 1);
        amount = between(amount, 0, _max(reserveId));

        uint256 value0;
        uint256 value1;
        try iSpoke.withdraw(reserveId, amount, _getActor()) returns (uint256 tempValue0, uint256 tempValue1) {
            value0 = tempValue0;
            value1 = tempValue1;
        } catch (bytes memory err) {
            t(
                bytes4(err) == ISpoke.Unauthorized.selector || bytes4(err) == ISpoke.ReserveNotListed.selector
                    || bytes4(err) == ISpoke.ReservePaused.selector || bytes4(err) == IHub.InvalidAddress.selector
                    || bytes4(err) == IHub.InvalidAmount.selector || bytes4(err) == IHub.SpokeNotActive.selector
                    || bytes4(err) == IHub.SpokePaused.selector || bytes4(err) == IHub.InsufficientLiquidity.selector
                    || bytes4(err) == ISpoke.HealthFactorBelowThreshold.selector
                    || bytes4(err) == Ownable.OwnableUnauthorizedAccount.selector,
                ASSERTION_WITHDRAW_DOS
            );
            require(false);
        }
    }
}

100% tests/recon/targets/ManagersTargets.sol

Lines covered: 16 / 16 (100%)

// SPDX-License-Identifier: GPL-2.0
pragma solidity ^0.8.0;

import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
import {BeforeAfter} from "../BeforeAfter.sol";
import {Properties} from "../Properties.sol";
import {vm} from "@chimera/Hevm.sol";

import {MockERC20} from "@recon/MockERC20.sol";


// Target functions that are effectively inherited from the Actor and AssetManagers
// Once properly standardized, managers will expose these by default
// Keeping them out makes your project more custom
abstract contract ManagersTargets is
    BaseTargetFunctions,
    Properties
{
    // == ACTOR HANDLERS == //
    
    /// @dev Start acting as another actor
    /// @dev Skip address(this) as it is not seeded by Setup
    /// @dev Separate ADMIN from regular users to discard 'admin is trusted' scenarios
    function switchActor(uint256 entropy) public {
        uint256 actorCount = _getActors().length;
        require(actorCount > 1);
        entropy = between(entropy, 1, actorCount - 1);
        _switchActor(entropy);
    }


    /// @dev Starts using a new asset
    function switch_asset(uint256 entropy) public {
        uint256 assetCount = _getAssets().length;
        require(assetCount > 0);
        entropy = between(entropy, 0, assetCount - 1);
        _switchAsset(entropy);
    }

    function switch_spoke(uint256 entropy) public {
        uint256 index = between(entropy, 0, 2);
        iSpoke = index == 0 ? spoke1 : index == 1 ? spoke2 : spoke3;
    }

    function switch_oracle(uint256 entropy) public {
        uint256 index = between(entropy, 0, 2);
        iAaveOracle = index == 0 ? oracle1 : index == 1 ? oracle2 : oracle3;
    }

    /// @dev Deploy a new token and add it to the list of assets, then set it as the current asset
    function add_new_asset(uint8 decimals) private returns (address) {
        address newAsset = _newAsset(decimals);
        return newAsset;
    }

    /// === GHOST UPDATING HANDLERS ===///
    /// We `updateGhosts` cause you never know (e.g. donations)
    /// If you don't want to track donations, remove the `updateGhosts`

    /// @dev Approve to arbitrary address, uses Actor by default
    /// NOTE: You're almost always better off setting approvals in `Setup`
    function asset_approve(address to, uint128 amt) private asActor {
        MockERC20(_getAsset()).approve(to, amt);
    }

    /// @dev Mint to arbitrary address, uses owner by default, even though MockERC20 doesn't check
    function asset_mint(address to, uint128 amt) private asAdmin {
        MockERC20(_getAsset()).mint(to, amt);
    }
}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.0;
3
4		import {Asserts} from "./Asserts.sol";
5
6	0	contract CryticAsserts is Asserts {
7		event Log(string);
8
9		function gt(uint256 a, uint256 b, string memory reason) internal virtual override {
10		if (!(a > b)) {
11		emit Log(reason);
12		assert(false);
13		}
14		}
15
16		function gte(uint256 a, uint256 b, string memory reason) internal virtual override {
17		if (!(a >= b)) {
18		emit Log(reason);
19		assert(false);
20		}
21		}
22
23		function lt(uint256 a, uint256 b, string memory reason) internal virtual override {
24		if (!(a < b)) {
25		emit Log(reason);
26		assert(false);
27		}
28		}
29
30	1×	function lte(uint256 a, uint256 b, string memory reason) internal virtual override {
31	6×	if (!(a <= b)) {
32	17×	emit Log(reason);
33	3×	assert(false);
34		}
35		}
36
37		function eq(uint256 a, uint256 b, string memory reason) internal virtual override {
38		if (!(a == b)) {
39		emit Log(reason);
40		assert(false);
41		}
42		}
43
44	2×	function t(bool b, string memory reason) internal virtual override {
45	6×	if (!b) {
46	34×	emit Log(reason);
47	6×	assert(false);
48		}
49		}
50
51	18×	function between(uint256 value, uint256 low, uint256 high) internal virtual override returns (uint256) {
52	30×	if (value < low \|\| value > high) {
53	52×	uint256 ans = low + (value % (high - low + 1));
54	6×	return ans;
55		}
56	2×	return value;
57		}
58
59		function between(int256 value, int256 low, int256 high) internal virtual override returns (int256) {
60		if (value < low \|\| value > high) {
61		int256 range = high - low + 1;
62		int256 clamped = (value - low) % (range);
63		if (clamped < 0) clamped += range;
64		int256 ans = low + clamped;
65		return ans;
66		}
67		return value;
68		}
69
70		function precondition(bool p) internal virtual override {
71		require(p);
72		}
73		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		import {StdStorage} from "./StdStorage.sol";
5		import {Vm, VmSafe} from "./Vm.sol";
6
7		abstract contract CommonBase {
8		/// @dev Cheat code address.
9		/// Calculated as `address(uint160(uint256(keccak256("hevm cheat code"))))`.
10	21×	address internal constant VM_ADDRESS = 0x7109709ECfa91a80626fF3989D68f67F5b1DD12D;
11		/// @dev console.sol and console2.sol work by executing a staticcall to this address.
12		/// Calculated as `address(uint160(uint88(bytes11("console.log"))))`.
13		address internal constant CONSOLE = 0x000000000000000000636F6e736F6c652e6c6f67;
14		/// @dev Used when deploying with create2.
15		/// Taken from https://github.com/Arachnid/deterministic-deployment-proxy.
16		address internal constant CREATE2_FACTORY = 0x4e59b44847b379578588920cA78FbF26c0B4956C;
17		/// @dev The default address for tx.origin and msg.sender.
18		/// Calculated as `address(uint160(uint256(keccak256("foundry default caller"))))`.
19		address internal constant DEFAULT_SENDER = 0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38;
20		/// @dev The address of the first contract `CREATE`d by a running test contract.
21		/// When running tests, each test contract is `CREATE`d by `DEFAULT_SENDER` with nonce 1.
22		/// Calculated as `VM.computeCreateAddress(VM.computeCreateAddress(DEFAULT_SENDER, 1), 1)`.
23		address internal constant DEFAULT_TEST_CONTRACT = 0x5615dEB798BB3E4dFa0139dFa1b3D433Cc23b72f;
24		/// @dev Deterministic deployment address of the Multicall3 contract.
25		/// Taken from https://www.multicall3.com.
26		address internal constant MULTICALL3_ADDRESS = 0xcA11bde05977b3631167028862bE2a173976CA11;
27		/// @dev The order of the secp256k1 curve.
28		uint256 internal constant SECP256K1_ORDER =
29		115792089237316195423570985008687907852837564279074904382605163141518161494337;
30
31		uint256 internal constant UINT256_MAX =
32	0	115792089237316195423570985008687907853269984665640564039457584007913129639935;
33
34		Vm internal constant vm = Vm(VM_ADDRESS);
35		StdStorage internal stdstore;
36		}
37
38		abstract contract TestBase is CommonBase {}
39
40		abstract contract ScriptBase is CommonBase {
41		VmSafe internal constant vmSafe = VmSafe(VM_ADDRESS);
42		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		import {VmSafe} from "./Vm.sol";
5
6		/**
7		* StdChains provides information about EVM compatible chains that can be used in scripts/tests.
8		* For each chain, the chain's name, chain ID, and a default RPC URL are provided. Chains are
9		* identified by their alias, which is the same as the alias in the `[rpc_endpoints]` section of
10		* the `foundry.toml` file. For best UX, ensure the alias in the `foundry.toml` file match the
11		* alias used in this contract, which can be found as the first argument to the
12		* `setChainWithDefaultRpcUrl` call in the `initializeStdChains` function.
13		*
14		* There are two main ways to use this contract:
15		* 1. Set a chain with `setChain(string memory chainAlias, ChainData memory chain)` or
16		* `setChain(string memory chainAlias, Chain memory chain)`
17		* 2. Get a chain with `getChain(string memory chainAlias)` or `getChain(uint256 chainId)`.
18		*
19		* The first time either of those are used, chains are initialized with the default set of RPC URLs.
20		* This is done in `initializeStdChains`, which uses `setChainWithDefaultRpcUrl`. Defaults are recorded in
21		* `defaultRpcUrls`.
22		*
23		* The `setChain` function is straightforward, and it simply saves off the given chain data.
24		*
25		* The `getChain` methods use `getChainWithUpdatedRpcUrl` to return a chain. For example, let's say
26		* we want to retrieve the RPC URL for `mainnet`:
27		* - If you have specified data with `setChain`, it will return that.
28		* - If you have configured a mainnet RPC URL in `foundry.toml`, it will return the URL, provided it
29		* is valid (e.g. a URL is specified, or an environment variable is given and exists).
30		* - If neither of the above conditions is met, the default data is returned.
31		*
32		* Summarizing the above, the prioritization hierarchy is `setChain` -> `foundry.toml` -> environment variable -> defaults.
33		*/
34		abstract contract StdChains {
35		VmSafe private constant vm = VmSafe(address(uint160(uint256(keccak256("hevm cheat code")))));
36
37		bool private stdChainsInitialized;
38
39		struct ChainData {
40		string name;
41		uint256 chainId;
42		string rpcUrl;
43		}
44
45		struct Chain {
46		// The chain name.
47		string name;
48		// The chain's Chain ID.
49		uint256 chainId;
50		// The chain's alias. (i.e. what gets specified in `foundry.toml`).
51		string chainAlias;
52		// A default RPC endpoint for this chain.
53		// NOTE: This default RPC URL is included for convenience to facilitate quick tests and
54		// experimentation. Do not use this RPC URL for production test suites, CI, or other heavy
55		// usage as you will be throttled and this is a disservice to others who need this endpoint.
56		string rpcUrl;
57		}
58
59		// Maps from the chain's alias (matching the alias in the `foundry.toml` file) to chain data.
60		mapping(string => Chain) private chains;
61		// Maps from the chain's alias to it's default RPC URL.
62		mapping(string => string) private defaultRpcUrls;
63		// Maps from a chain ID to it's alias.
64		mapping(uint256 => string) private idToAlias;
65
66	12×	bool private fallbackToDefaultRpcUrls = true;
67
68		// The RPC URL will be fetched from config or defaultRpcUrls if possible.
69		function getChain(string memory chainAlias) internal virtual returns (Chain memory chain) {
70		require(bytes(chainAlias).length != 0, "StdChains getChain(string): Chain alias cannot be the empty string.");
71
72		initializeStdChains();
73		chain = chains[chainAlias];
74		require(
75		chain.chainId != 0,
76		string(abi.encodePacked("StdChains getChain(string): Chain with alias \"", chainAlias, "\" not found."))
77		);
78
79		chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
80		}
81
82		function getChain(uint256 chainId) internal virtual returns (Chain memory chain) {
83		require(chainId != 0, "StdChains getChain(uint256): Chain ID cannot be 0.");
84		initializeStdChains();
85		string memory chainAlias = idToAlias[chainId];
86
87		chain = chains[chainAlias];
88
89		require(
90		chain.chainId != 0,
91		string(abi.encodePacked("StdChains getChain(uint256): Chain with ID ", vm.toString(chainId), " not found."))
92		);
93
94		chain = getChainWithUpdatedRpcUrl(chainAlias, chain);
95		}
96
97		// set chain info, with priority to argument's rpcUrl field.
98		function setChain(string memory chainAlias, ChainData memory chain) internal virtual {
99		require(
100		bytes(chainAlias).length != 0,
101		"StdChains setChain(string,ChainData): Chain alias cannot be the empty string."
102		);
103
104		require(chain.chainId != 0, "StdChains setChain(string,ChainData): Chain ID cannot be 0.");
105
106		initializeStdChains();
107		string memory foundAlias = idToAlias[chain.chainId];
108
109		require(
110		bytes(foundAlias).length == 0 \|\| keccak256(bytes(foundAlias)) == keccak256(bytes(chainAlias)),
111		string(
112		abi.encodePacked(
113		"StdChains setChain(string,ChainData): Chain ID ",
114		vm.toString(chain.chainId),
115		" already used by \"",
116		foundAlias,
117		"\"."
118		)
119		)
120		);
121
122		uint256 oldChainId = chains[chainAlias].chainId;
123		delete idToAlias[oldChainId];
124
125		chains[chainAlias] =
126		Chain({name: chain.name, chainId: chain.chainId, chainAlias: chainAlias, rpcUrl: chain.rpcUrl});
127		idToAlias[chain.chainId] = chainAlias;
128		}
129
130		// set chain info, with priority to argument's rpcUrl field.
131		function setChain(string memory chainAlias, Chain memory chain) internal virtual {
132		setChain(chainAlias, ChainData({name: chain.name, chainId: chain.chainId, rpcUrl: chain.rpcUrl}));
133		}
134
135		function _toUpper(string memory str) private pure returns (string memory) {
136		bytes memory strb = bytes(str);
137		bytes memory copy = new bytes(strb.length);
138		for (uint256 i = 0; i < strb.length; i++) {
139		bytes1 b = strb[i];
140		if (b >= 0x61 && b <= 0x7A) {
141		copy[i] = bytes1(uint8(b) - 32);
142		} else {
143		copy[i] = b;
144		}
145		}
146		return string(copy);
147		}
148
149		// lookup rpcUrl, in descending order of priority:
150		// current -> config (foundry.toml) -> environment variable -> default
151		function getChainWithUpdatedRpcUrl(string memory chainAlias, Chain memory chain)
152		private
153		view
154		returns (Chain memory)
155		{
156		if (bytes(chain.rpcUrl).length == 0) {
157		try vm.rpcUrl(chainAlias) returns (string memory configRpcUrl) {
158		chain.rpcUrl = configRpcUrl;
159		} catch (bytes memory err) {
160		string memory envName = string(abi.encodePacked(_toUpper(chainAlias), "_RPC_URL"));
161		if (fallbackToDefaultRpcUrls) {
162		chain.rpcUrl = vm.envOr(envName, defaultRpcUrls[chainAlias]);
163		} else {
164		chain.rpcUrl = vm.envString(envName);
165		}
166		// Distinguish 'not found' from 'cannot read'
167		// The upstream error thrown by forge for failing cheats changed so we check both the old and new versions
168		bytes memory oldNotFoundError =
169		abi.encodeWithSignature("CheatCodeError", string(abi.encodePacked("invalid rpc url ", chainAlias)));
170		bytes memory newNotFoundError = abi.encodeWithSignature(
171		"CheatcodeError(string)", string(abi.encodePacked("invalid rpc url: ", chainAlias))
172		);
173		bytes32 errHash = keccak256(err);
174		if (
175		(errHash != keccak256(oldNotFoundError) && errHash != keccak256(newNotFoundError))
176		\|\| bytes(chain.rpcUrl).length == 0
177		) {
178		/// @solidity memory-safe-assembly
179		assembly {
180		revert(add(32, err), mload(err))
181		}
182		}
183		}
184		}
185		return chain;
186		}
187
188		function setFallbackToDefaultRpcUrls(bool useDefault) internal {
189		fallbackToDefaultRpcUrls = useDefault;
190		}
191
192		function initializeStdChains() private {
193		if (stdChainsInitialized) return;
194
195		stdChainsInitialized = true;
196
197		// If adding an RPC here, make sure to test the default RPC URL in `test_Rpcs` in `StdChains.t.sol`
198		setChainWithDefaultRpcUrl("anvil", ChainData("Anvil", 31337, "http://127.0.0.1:8545"));
199		setChainWithDefaultRpcUrl("mainnet", ChainData("Mainnet", 1, "https://eth.llamarpc.com"));
200		setChainWithDefaultRpcUrl(
201		"sepolia", ChainData("Sepolia", 11155111, "https://sepolia.infura.io/v3/b9794ad1ddf84dfb8c34d6bb5dca2001")
202		);
203		setChainWithDefaultRpcUrl("holesky", ChainData("Holesky", 17000, "https://rpc.holesky.ethpandaops.io"));
204		setChainWithDefaultRpcUrl("hoodi", ChainData("Hoodi", 560048, "https://rpc.hoodi.ethpandaops.io"));
205		setChainWithDefaultRpcUrl("optimism", ChainData("Optimism", 10, "https://mainnet.optimism.io"));
206		setChainWithDefaultRpcUrl(
207		"optimism_sepolia", ChainData("Optimism Sepolia", 11155420, "https://sepolia.optimism.io")
208		);
209		setChainWithDefaultRpcUrl("arbitrum_one", ChainData("Arbitrum One", 42161, "https://arb1.arbitrum.io/rpc"));
210		setChainWithDefaultRpcUrl(
211		"arbitrum_one_sepolia", ChainData("Arbitrum One Sepolia", 421614, "https://sepolia-rollup.arbitrum.io/rpc")
212		);
213		setChainWithDefaultRpcUrl("arbitrum_nova", ChainData("Arbitrum Nova", 42170, "https://nova.arbitrum.io/rpc"));
214		setChainWithDefaultRpcUrl("polygon", ChainData("Polygon", 137, "https://polygon-rpc.com"));
215		setChainWithDefaultRpcUrl(
216		"polygon_amoy", ChainData("Polygon Amoy", 80002, "https://rpc-amoy.polygon.technology")
217		);
218		setChainWithDefaultRpcUrl("avalanche", ChainData("Avalanche", 43114, "https://api.avax.network/ext/bc/C/rpc"));
219		setChainWithDefaultRpcUrl(
220		"avalanche_fuji", ChainData("Avalanche Fuji", 43113, "https://api.avax-test.network/ext/bc/C/rpc")
221		);
222		setChainWithDefaultRpcUrl(
223		"bnb_smart_chain", ChainData("BNB Smart Chain", 56, "https://bsc-dataseed1.binance.org")
224		);
225		setChainWithDefaultRpcUrl(
226		"bnb_smart_chain_testnet",
227		ChainData("BNB Smart Chain Testnet", 97, "https://rpc.ankr.com/bsc_testnet_chapel")
228		);
229		setChainWithDefaultRpcUrl("gnosis_chain", ChainData("Gnosis Chain", 100, "https://rpc.gnosischain.com"));
230		setChainWithDefaultRpcUrl("moonbeam", ChainData("Moonbeam", 1284, "https://rpc.api.moonbeam.network"));
231		setChainWithDefaultRpcUrl(
232		"moonriver", ChainData("Moonriver", 1285, "https://rpc.api.moonriver.moonbeam.network")
233		);
234		setChainWithDefaultRpcUrl("moonbase", ChainData("Moonbase", 1287, "https://rpc.testnet.moonbeam.network"));
235		setChainWithDefaultRpcUrl("base_sepolia", ChainData("Base Sepolia", 84532, "https://sepolia.base.org"));
236		setChainWithDefaultRpcUrl("base", ChainData("Base", 8453, "https://mainnet.base.org"));
237		setChainWithDefaultRpcUrl("blast_sepolia", ChainData("Blast Sepolia", 168587773, "https://sepolia.blast.io"));
238		setChainWithDefaultRpcUrl("blast", ChainData("Blast", 81457, "https://rpc.blast.io"));
239		setChainWithDefaultRpcUrl("fantom_opera", ChainData("Fantom Opera", 250, "https://rpc.ankr.com/fantom/"));
240		setChainWithDefaultRpcUrl(
241		"fantom_opera_testnet", ChainData("Fantom Opera Testnet", 4002, "https://rpc.ankr.com/fantom_testnet/")
242		);
243		setChainWithDefaultRpcUrl("fraxtal", ChainData("Fraxtal", 252, "https://rpc.frax.com"));
244		setChainWithDefaultRpcUrl("fraxtal_testnet", ChainData("Fraxtal Testnet", 2522, "https://rpc.testnet.frax.com"));
245		setChainWithDefaultRpcUrl(
246		"berachain_bartio_testnet", ChainData("Berachain bArtio Testnet", 80084, "https://bartio.rpc.berachain.com")
247		);
248		setChainWithDefaultRpcUrl("flare", ChainData("Flare", 14, "https://flare-api.flare.network/ext/C/rpc"));
249		setChainWithDefaultRpcUrl(
250		"flare_coston2", ChainData("Flare Coston2", 114, "https://coston2-api.flare.network/ext/C/rpc")
251		);
252
253		setChainWithDefaultRpcUrl("mode", ChainData("Mode", 34443, "https://mode.drpc.org"));
254		setChainWithDefaultRpcUrl("mode_sepolia", ChainData("Mode Sepolia", 919, "https://sepolia.mode.network"));
255
256		setChainWithDefaultRpcUrl("zora", ChainData("Zora", 7777777, "https://zora.drpc.org"));
257		setChainWithDefaultRpcUrl(
258		"zora_sepolia", ChainData("Zora Sepolia", 999999999, "https://sepolia.rpc.zora.energy")
259		);
260
261		setChainWithDefaultRpcUrl("race", ChainData("Race", 6805, "https://racemainnet.io"));
262		setChainWithDefaultRpcUrl("race_sepolia", ChainData("Race Sepolia", 6806, "https://racemainnet.io"));
263
264		setChainWithDefaultRpcUrl("metal", ChainData("Metal", 1750, "https://metall2.drpc.org"));
265		setChainWithDefaultRpcUrl("metal_sepolia", ChainData("Metal Sepolia", 1740, "https://testnet.rpc.metall2.com"));
266
267		setChainWithDefaultRpcUrl("binary", ChainData("Binary", 624, "https://rpc.zero.thebinaryholdings.com"));
268		setChainWithDefaultRpcUrl(
269		"binary_sepolia", ChainData("Binary Sepolia", 625, "https://rpc.zero.thebinaryholdings.com")
270		);
271
272		setChainWithDefaultRpcUrl("orderly", ChainData("Orderly", 291, "https://rpc.orderly.network"));
273		setChainWithDefaultRpcUrl(
274		"orderly_sepolia", ChainData("Orderly Sepolia", 4460, "https://testnet-rpc.orderly.org")
275		);
276		}
277
278		// set chain info, with priority to chainAlias' rpc url in foundry.toml
279		function setChainWithDefaultRpcUrl(string memory chainAlias, ChainData memory chain) private {
280		string memory rpcUrl = chain.rpcUrl;
281		defaultRpcUrls[chainAlias] = rpcUrl;
282		chain.rpcUrl = "";
283		setChain(chainAlias, chain);
284		chain.rpcUrl = rpcUrl; // restore argument
285		}
286		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity >=0.6.2 <0.9.0;
3
4		pragma experimental ABIEncoderV2;
5
6		abstract contract StdInvariant {
7		struct FuzzSelector {
8		address addr;
9		bytes4[] selectors;
10		}
11
12		struct FuzzArtifactSelector {
13		string artifact;
14		bytes4[] selectors;
15		}
16
17		struct FuzzInterface {
18		address addr;
19		string[] artifacts;
20		}
21
22		address[] private _excludedContracts;
23		address[] private _excludedSenders;
24		address[] private _targetedContracts;
25		address[] private _targetedSenders;
26
27		string[] private _excludedArtifacts;
28		string[] private _targetedArtifacts;
29
30		FuzzArtifactSelector[] private _targetedArtifactSelectors;
31
32		FuzzSelector[] private _excludedSelectors;
33		FuzzSelector[] private _targetedSelectors;
34
35		FuzzInterface[] private _targetedInterfaces;
36
37		// Functions for users:
38		// These are intended to be called in tests.
39
40		function excludeContract(address newExcludedContract_) internal {
41		_excludedContracts.push(newExcludedContract_);
42		}
43
44		function excludeSelector(FuzzSelector memory newExcludedSelector_) internal {
45		_excludedSelectors.push(newExcludedSelector_);
46		}
47
48		function excludeSender(address newExcludedSender_) internal {
49		_excludedSenders.push(newExcludedSender_);
50		}
51
52		function excludeArtifact(string memory newExcludedArtifact_) internal {
53		_excludedArtifacts.push(newExcludedArtifact_);
54		}
55
56		function targetArtifact(string memory newTargetedArtifact_) internal {
57		_targetedArtifacts.push(newTargetedArtifact_);
58		}
59
60		function targetArtifactSelector(FuzzArtifactSelector memory newTargetedArtifactSelector_) internal {
61		_targetedArtifactSelectors.push(newTargetedArtifactSelector_);
62		}
63
64		function targetContract(address newTargetedContract_) internal {
65	0	_targetedContracts.push(newTargetedContract_);
66		}
67
68		function targetSelector(FuzzSelector memory newTargetedSelector_) internal {
69		_targetedSelectors.push(newTargetedSelector_);
70		}
71
72	0	function targetSender(address newTargetedSender_) internal {
73	0	_targetedSenders.push(newTargetedSender_);
74		}
75
76		function targetInterface(FuzzInterface memory newTargetedInterface_) internal {
77		_targetedInterfaces.push(newTargetedInterface_);
78		}
79
80		// Functions for forge:
81		// These are called by forge to run invariant tests and don't need to be called in tests.
82
83	0	function excludeArtifacts() public view returns (string[] memory excludedArtifacts_) {
84	0	excludedArtifacts_ = _excludedArtifacts;
85		}
86
87	0	function excludeContracts() public view returns (address[] memory excludedContracts_) {
88	0	excludedContracts_ = _excludedContracts;
89		}
90
91	0	function excludeSelectors() public view returns (FuzzSelector[] memory excludedSelectors_) {
92	0	excludedSelectors_ = _excludedSelectors;
93		}
94
95	0	function excludeSenders() public view returns (address[] memory excludedSenders_) {
96	0	excludedSenders_ = _excludedSenders;
97		}
98
99	0	function targetArtifacts() public view returns (string[] memory targetedArtifacts_) {
100	0	targetedArtifacts_ = _targetedArtifacts;
101		}
102
103	14×	function targetArtifactSelectors() public view returns (FuzzArtifactSelector[] memory targetedArtifactSelectors_) {
104	33×	targetedArtifactSelectors_ = _targetedArtifactSelectors;
105		}
106
107	0	function targetContracts() public view returns (address[] memory targetedContracts_) {
108	0	targetedContracts_ = _targetedContracts;
109		}
110
111	0	function targetSelectors() public view returns (FuzzSelector[] memory targetedSelectors_) {
112	0	targetedSelectors_ = _targetedSelectors;
113		}
114
115	0	function targetSenders() public view returns (address[] memory targetedSenders_) {
116	0	targetedSenders_ = _targetedSenders;
117		}
118
119	2×	function targetInterfaces() public view returns (FuzzInterface[] memory targetedInterfaces_) {
120	7×	targetedInterfaces_ = _targetedInterfaces;
121		}
122		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {BaseSetup} from "@chimera/BaseSetup.sol";
5		import {vm} from "@chimera/Hevm.sol";
6		import {EnumerableSet} from "./EnumerableSet.sol";
7
8		/// @dev This is the source of truth for the actors being used in the test
9		/// @notice No actors should be used in the suite without being added here first
10		abstract contract ActorManager {
11		using EnumerableSet for EnumerableSet.AddressSet;
12
13		///@notice The current actor being used
14		address private _actor;
15
16		///@notice The list of all actors being used
17		EnumerableSet.AddressSet private _actors;
18
19		// If the current target is address(0) then it has not been setup yet and should revert
20		error ActorNotSetup();
21		// Do not allow duplicates
22		error ActorExists();
23		// If the actor does not exist
24		error ActorNotAdded();
25		// Do not allow the default actor
26		error DefaultActor();
27
28		/// @notice address(this) is the default actor
29		constructor() {
30	6×	_actors.add(address(this));
31	8×	_actor = address(this);
32		}
33
34		/// @notice Returns the current active actor
35	6×	function _getActor() internal view returns (address) {
36	6×	return _actor;
37		}
38
39		/// @notice Returns all actors being used
40	8×	function _getActors() internal view returns (address[] memory) {
41	14×	return _actors.values();
42		}
43
44		/// @notice Adds an actor to the list of actors
45	1×	function _addActor(address target) internal {
46	10×	if (_actors.contains(target)) {
47	0	revert ActorExists();
48		}
49
50	7×	if (target == address(this)) {
51	0	revert DefaultActor();
52		}
53
54	5×	_actors.add(target);
55		}
56
57		/// @notice Removes an actor from the list of actors
58		function _removeActor(address target) internal {
59		if (!_actors.contains(target)) {
60		revert ActorNotAdded();
61		}
62
63		if (target == address(this)) {
64		revert DefaultActor();
65		}
66
67		_actors.remove(target);
68		}
69
70		/// @dev Expose this in the `TargetFunctions` contract to let the fuzzer switch actors
71		/// NOTE: We revert if the entropy is greater than the number of actors, for Halmos compatibility
72		/// @dev This may reduce fuzzing performance if using multiple actors, if so add explicitly clamped handlers to ManagersTargets using the index of all added actors
73		/// @notice Switches the current actor based on the entropy
74		/// @param entropy The entropy to choose a random actor in the array for switching
75		/// @return target The new active actor
76	6×	function _switchActor(uint256 entropy) internal returns (address target) {
77	14×	target = _actors.at(entropy);
78	20×	_actor = target;
79		}
80		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v4.9.0) (utils/structs/EnumerableSet.sol)
3		// This file was procedurally generated from scripts/generate/templates/EnumerableSet.js.
4
5		pragma solidity ^0.8.0;
6
7		/**
8		* @dev Library for managing
9		* https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets] of primitive
10		* types.
11		*
12		* Sets have the following properties:
13		*
14		* - Elements are added, removed, and checked for existence in constant time
15		* (O(1)).
16		* - Elements are enumerated in O(n). No guarantees are made on the ordering.
17		*
18		* ```solidity
19		* contract Example {
20		* // Add the library methods
21		* using EnumerableSet for EnumerableSet.AddressSet;
22		*
23		* // Declare a set state variable
24		* EnumerableSet.AddressSet private mySet;
25		* }
26		* ```
27		*
28		* As of v3.3.0, sets of type `bytes32` (`Bytes32Set`), `address` (`AddressSet`)
29		* and `uint256` (`UintSet`) are supported.
30		*
31		* [WARNING]
32		* ====
33		* Trying to delete such a structure from storage will likely result in data corruption, rendering the structure
34		* unusable.
35		* See https://github.com/ethereum/solidity/pull/11843[ethereum/solidity#11843] for more info.
36		*
37		* In order to clean an EnumerableSet, you can either remove all elements one by one or create a fresh instance using an
38		* array of EnumerableSet.
39		* ====
40		*/
41	0	library EnumerableSet {
42		// To implement this library for multiple types with as little code
43		// repetition as possible, we write it in terms of a generic Set type with
44		// bytes32 values.
45		// The Set implementation uses private functions, and user-facing
46		// implementations (such as AddressSet) are just wrappers around the
47		// underlying Set.
48		// This means that we can only create new EnumerableSets for types that fit
49		// in bytes32.
50
51		struct Set {
52		// Storage of set values
53		bytes32[] _values;
54		// Position of the value in the `values` array, plus 1 because index 0
55		// means a value is not in the set.
56		mapping(bytes32 => uint256) _indexes;
57		}
58
59		/**
60		* @dev Add a value to a set. O(1).
61		*
62		* Returns true if the value was added to the set, that is if it was not
63		* already present.
64		*/
65	2×	function _add(Set storage set, bytes32 value) private returns (bool) {
66	2×	if (!_contains(set, value)) {
67	22×	set._values.push(value);
68		// The value is stored at length-1, but we add 1 to all indexes
69		// and use 0 as a sentinel value
70	18×	set._indexes[value] = set._values.length;
71	2×	return true;
72		} else {
73	0	return false;
74		}
75		}
76
77		/**
78		* @dev Removes a value from a set. O(1).
79		*
80		* Returns true if the value was removed from the set, that is if it was
81		* present.
82		*/
83		function _remove(Set storage set, bytes32 value) private returns (bool) {
84		// We read and store the value's index to prevent multiple reads from the same storage slot
85		uint256 valueIndex = set._indexes[value];
86
87		if (valueIndex != 0) {
88		// Equivalent to contains(set, value)
89		// To delete an element from the _values array in O(1), we swap the element to delete with the last one in
90		// the array, and then remove the last element (sometimes called as 'swap and pop').
91		// This modifies the order of the array, as noted in {at}.
92
93		uint256 toDeleteIndex = valueIndex - 1;
94		uint256 lastIndex = set._values.length - 1;
95
96		if (lastIndex != toDeleteIndex) {
97		bytes32 lastValue = set._values[lastIndex];
98
99		// Move the last value to the index where the value to delete is
100		set._values[toDeleteIndex] = lastValue;
101		// Update the index for the moved value
102		set._indexes[lastValue] = valueIndex; // Replace lastValue's index to valueIndex
103		}
104
105		// Delete the slot where the moved value was stored
106		set._values.pop();
107
108		// Delete the index for the deleted slot
109		delete set._indexes[value];
110
111		return true;
112		} else {
113		return false;
114		}
115		}
116
117		/**
118		* @dev Returns true if the value is in the set. O(1).
119		*/
120	1×	function _contains(Set storage set, bytes32 value) private view returns (bool) {
121	26×	return set._indexes[value] != 0;
122		}
123
124		/**
125		* @dev Returns the number of values on the set. O(1).
126		*/
127		function _length(Set storage set) private view returns (uint256) {
128		return set._values.length;
129		}
130
131		/**
132		* @dev Returns the value stored at position `index` in the set. O(1).
133		*
134		* Note that there are no guarantees on the ordering of values inside the
135		* array, and it may change when more values are added or removed.
136		*
137		* Requirements:
138		*
139		* - `index` must be strictly less than {length}.
140		*/
141	14×	function _at(Set storage set, uint256 index) private view returns (bytes32) {
142	42×	return set._values[index];
143		}
144
145		/**
146		* @dev Return the entire set in an array
147		*
148		* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
149		* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
150		* this function has an unbounded cost, and using it as part of a state-changing function may render the function
151		* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
152		*/
153	12×	function _values(Set storage set) private view returns (bytes32[] memory) {
154	138×	return set._values;
155		}
156
157		// Bytes32Set
158
159		struct Bytes32Set {
160		Set _inner;
161		}
162
163		/**
164		* @dev Add a value to a set. O(1).
165		*
166		* Returns true if the value was added to the set, that is if it was not
167		* already present.
168		*/
169		function add(Bytes32Set storage set, bytes32 value) internal returns (bool) {
170		return _add(set._inner, value);
171		}
172
173		/**
174		* @dev Removes a value from a set. O(1).
175		*
176		* Returns true if the value was removed from the set, that is if it was
177		* present.
178		*/
179		function remove(Bytes32Set storage set, bytes32 value) internal returns (bool) {
180		return _remove(set._inner, value);
181		}
182
183		/**
184		* @dev Returns true if the value is in the set. O(1).
185		*/
186		function contains(Bytes32Set storage set, bytes32 value) internal view returns (bool) {
187		return _contains(set._inner, value);
188		}
189
190		/**
191		* @dev Returns the number of values in the set. O(1).
192		*/
193		function length(Bytes32Set storage set) internal view returns (uint256) {
194		return _length(set._inner);
195		}
196
197		/**
198		* @dev Returns the value stored at position `index` in the set. O(1).
199		*
200		* Note that there are no guarantees on the ordering of values inside the
201		* array, and it may change when more values are added or removed.
202		*
203		* Requirements:
204		*
205		* - `index` must be strictly less than {length}.
206		*/
207		function at(Bytes32Set storage set, uint256 index) internal view returns (bytes32) {
208		return _at(set._inner, index);
209		}
210
211		/**
212		* @dev Return the entire set in an array
213		*
214		* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
215		* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
216		* this function has an unbounded cost, and using it as part of a state-changing function may render the function
217		* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
218		*/
219		function values(Bytes32Set storage set) internal view returns (bytes32[] memory) {
220		bytes32[] memory store = _values(set._inner);
221		bytes32[] memory result;
222
223		/// @solidity memory-safe-assembly
224		assembly {
225		result := store
226		}
227
228		return result;
229		}
230
231		// AddressSet
232
233		struct AddressSet {
234		Set _inner;
235		}
236
237		/**
238		* @dev Add a value to a set. O(1).
239		*
240		* Returns true if the value was added to the set, that is if it was not
241		* already present.
242		*/
243	8×	function add(AddressSet storage set, address value) internal returns (bool) {
244	9×	return _add(set._inner, bytes32(uint256(uint160(value))));
245		}
246
247		/**
248		* @dev Removes a value from a set. O(1).
249		*
250		* Returns true if the value was removed from the set, that is if it was
251		* present.
252		*/
253		function remove(AddressSet storage set, address value) internal returns (bool) {
254		return _remove(set._inner, bytes32(uint256(uint160(value))));
255		}
256
257		/**
258		* @dev Returns true if the value is in the set. O(1).
259		*/
260	2×	function contains(AddressSet storage set, address value) internal view returns (bool) {
261	3×	return _contains(set._inner, bytes32(uint256(uint160(value))));
262		}
263
264		/**
265		* @dev Returns the number of values in the set. O(1).
266		*/
267		function length(AddressSet storage set) internal view returns (uint256) {
268		return _length(set._inner);
269		}
270
271		/**
272		* @dev Returns the value stored at position `index` in the set. O(1).
273		*
274		* Note that there are no guarantees on the ordering of values inside the
275		* array, and it may change when more values are added or removed.
276		*
277		* Requirements:
278		*
279		* - `index` must be strictly less than {length}.
280		*/
281	4×	function at(AddressSet storage set, uint256 index) internal view returns (address) {
282	10×	return address(uint160(uint256(_at(set._inner, index))));
283		}
284
285		/**
286		* @dev Return the entire set in an array
287		*
288		* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
289		* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
290		* this function has an unbounded cost, and using it as part of a state-changing function may render the function
291		* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
292		*/
293	4×	function values(AddressSet storage set) internal view returns (address[] memory) {
294	10×	bytes32[] memory store = _values(set._inner);
295		address[] memory result;
296
297		/// @solidity memory-safe-assembly
298		assembly {
299		result := store
300		}
301
302		return result;
303		}
304
305		// UintSet
306
307		struct UintSet {
308		Set _inner;
309		}
310
311		/**
312		* @dev Add a value to a set. O(1).
313		*
314		* Returns true if the value was added to the set, that is if it was not
315		* already present.
316		*/
317		function add(UintSet storage set, uint256 value) internal returns (bool) {
318		return _add(set._inner, bytes32(value));
319		}
320
321		/**
322		* @dev Removes a value from a set. O(1).
323		*
324		* Returns true if the value was removed from the set, that is if it was
325		* present.
326		*/
327		function remove(UintSet storage set, uint256 value) internal returns (bool) {
328		return _remove(set._inner, bytes32(value));
329		}
330
331		/**
332		* @dev Returns true if the value is in the set. O(1).
333		*/
334		function contains(UintSet storage set, uint256 value) internal view returns (bool) {
335		return _contains(set._inner, bytes32(value));
336		}
337
338		/**
339		* @dev Returns the number of values in the set. O(1).
340		*/
341		function length(UintSet storage set) internal view returns (uint256) {
342		return _length(set._inner);
343		}
344
345		/**
346		* @dev Returns the value stored at position `index` in the set. O(1).
347		*
348		* Note that there are no guarantees on the ordering of values inside the
349		* array, and it may change when more values are added or removed.
350		*
351		* Requirements:
352		*
353		* - `index` must be strictly less than {length}.
354		*/
355		function at(UintSet storage set, uint256 index) internal view returns (uint256) {
356		return uint256(_at(set._inner, index));
357		}
358
359		/**
360		* @dev Return the entire set in an array
361		*
362		* WARNING: This operation will copy the entire storage to memory, which can be quite expensive. This is designed
363		* to mostly be used by view accessors that are queried without any gas fees. Developers should keep in mind that
364		* this function has an unbounded cost, and using it as part of a state-changing function may render the function
365		* uncallable if the set grows to a point where copying to memory consumes too much gas to fit in a block.
366		*/
367		function values(UintSet storage set) internal view returns (uint256[] memory) {
368		bytes32[] memory store = _values(set._inner);
369		uint256[] memory result;
370
371		/// @solidity memory-safe-assembly
372		assembly {
373		result := store
374		}
375
376		return result;
377		}
378		}

1		// SPDX-License-Identifier: UNLICENSED
2		// Copyright (c) 2025 Aave Labs
3		pragma solidity 0.8.28;
4
5		import {AccessManager} from 'src/dependencies/openzeppelin/AccessManager.sol';
6		import {EnumerableSet} from 'src/dependencies/openzeppelin/EnumerableSet.sol';
7		import {IAccessManagerEnumerable} from 'src/access/interfaces/IAccessManagerEnumerable.sol';
8
9		/// @title AccessManagerEnumerable
10		/// @author Aave Labs
11		/// @notice Extension of AccessManager that tracks role members and their function selectors using EnumerableSet.
12	115×	contract AccessManagerEnumerable is AccessManager, IAccessManagerEnumerable {
13		using EnumerableSet for EnumerableSet.AddressSet;
14		using EnumerableSet for EnumerableSet.Bytes32Set;
15
16		/// @dev Map of role identifiers to their respective member sets.
17		mapping(uint64 roleId => EnumerableSet.AddressSet) private _roleMembers;
18
19		/// @dev Map of role identifiers and target contract addresses to their respective set of function selectors.
20		mapping(uint64 roleId => mapping(address target => EnumerableSet.Bytes32Set))
21		private _roleTargetFunctions;
22
23	29×	constructor(address initialAdmin_) AccessManager(initialAdmin_) {}
24
25		/// @inheritdoc IAccessManagerEnumerable
26	0	function getRoleMember(uint64 roleId, uint256 index) external view returns (address) {
27	0	return _roleMembers[roleId].at(index);
28		}
29
30		/// @inheritdoc IAccessManagerEnumerable
31	0	function getRoleMemberCount(uint64 roleId) external view returns (uint256) {
32	0	return _roleMembers[roleId].length();
33		}
34
35		/// @inheritdoc IAccessManagerEnumerable
36	0	function getRoleMembers(
37		uint64 roleId,
38		uint256 start,
39		uint256 end
40	0	) external view returns (address[] memory) {
41	0	return _roleMembers[roleId].values(start, end);
42		}
43
44		/// @inheritdoc IAccessManagerEnumerable
45	0	function getRoleTargetFunction(
46		uint64 roleId,
47		address target,
48		uint256 index
49	0	) external view returns (bytes4) {
50	0	return bytes4(_roleTargetFunctions[roleId][target].at(index));
51		}
52
53		/// @inheritdoc IAccessManagerEnumerable
54	0	function getRoleTargetFunctionCount(
55		uint64 roleId,
56		address target
57	0	) external view returns (uint256) {
58	0	return _roleTargetFunctions[roleId][target].length();
59		}
60
61		/// @inheritdoc IAccessManagerEnumerable
62	0	function getRoleTargetFunctions(
63		uint64 roleId,
64		address target,
65		uint256 start,
66		uint256 end
67	0	) external view returns (bytes4[] memory) {
68	0	bytes32[] memory targetFunctions = _roleTargetFunctions[roleId][target].values(start, end);
69		bytes4[] memory targetFunctionSelectors;
70		assembly ('memory-safe') {
71		targetFunctionSelectors := targetFunctions
72		}
73		return targetFunctionSelectors;
74		}
75
76		/// @dev Override AccessManager `_grantRole` function to track role members.
77	3×	function _grantRole(
78		uint64 roleId,
79		address account,
80		uint32 grantDelay,
81		uint32 executionDelay
82	2×	) internal override returns (bool) {
83	10×	bool granted = super._grantRole(roleId, account, grantDelay, executionDelay);
84	5×	if (granted) {
85	19×	_roleMembers[roleId].add(account);
86		}
87	1×	return granted;
88		}
89
90		/// @dev Override AccessManager `_revokeRole` function to remove from tracked role members.
91	0	function _revokeRole(uint64 roleId, address account) internal override returns (bool) {
92	0	bool revoked = super._revokeRole(roleId, account);
93	0	if (revoked) {
94	0	_roleMembers[roleId].remove(account);
95		}
96	0	return revoked;
97		}
98
99		/// @dev Override AccessManager `_setTargetFunctionRole` function to track function selectors attributed to roles.
100	0	function _setTargetFunctionRole(
101		address target,
102		bytes4 selector,
103		uint64 roleId
104		) internal override {
105	0	uint64 oldRoleId = getTargetFunctionRole(target, selector);
106	0	super._setTargetFunctionRole(target, selector, roleId);
107	0	if (oldRoleId != ADMIN_ROLE) {
108	0	_roleTargetFunctions[oldRoleId][target].remove(bytes32(selector));
109		}
110	0	if (roleId != ADMIN_ROLE) {
111	0	_roleTargetFunctions[roleId][target].add(bytes32(selector));
112		}
113		}
114		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v5.4.0) (access/manager/AccessManaged.sol)
3
4		pragma solidity ^0.8.20;
5
6		import {AuthorityUtils} from './AuthorityUtils.sol';
7		import {IAccessManager} from './IAccessManager.sol';
8		import {IAccessManaged} from './IAccessManaged.sol';
9		import {Context} from './Context.sol';
10
11		/**
12		* @dev This contract module makes available a {restricted} modifier. Functions decorated with this modifier will be
13		* permissioned according to an "authority": a contract like {AccessManager} that follows the {IAuthority} interface,
14		* implementing a policy that allows certain callers to access certain functions.
15		*
16		* IMPORTANT: The `restricted` modifier should never be used on `internal` functions, judiciously used in `public`
17		* functions, and ideally only used in `external` functions. See {restricted}.
18		*/
19		abstract contract AccessManaged is Context, IAccessManaged {
20		address private _authority;
21
22		bool private _consumingSchedule;
23
24		/**
25		* @dev Initializes the contract connected to an initial authority.
26		*/
27		constructor(address initialAuthority) {
28	4×	_setAuthority(initialAuthority);
29		}
30
31		/**
32		* @dev Restricts access to a function as defined by the connected Authority for this contract and the
33		* caller and selector of the function that entered the contract.
34		*
35		* [IMPORTANT]
36		* ====
37		* In general, this modifier should only be used on `external` functions. It is okay to use it on `public`
38		* functions that are used as external entry points and are not called internally. Unless you know what you're
39		* doing, it should never be used on `internal` functions. Failure to follow these rules can have critical security
40		* implications! This is because the permissions are determined by the function that entered the contract, i.e. the
41		* function at the bottom of the call stack, and not the function where the modifier is visible in the source code.
42		* ====
43		*
44		* [WARNING]
45		* ====
46		* Avoid adding this modifier to the https://docs.soliditylang.org/en/v0.8.20/contracts.html#receive-ether-function[`receive()`]
47		* function or the https://docs.soliditylang.org/en/v0.8.20/contracts.html#fallback-function[`fallback()`]. These
48		* functions are the only execution paths where a function selector cannot be unambiguously determined from the calldata
49		* since the selector defaults to `0x00000000` in the `receive()` function and similarly in the `fallback()` function
50		* if no calldata is provided. (See {_checkCanCall}).
51		*
52		* The `receive()` function will always panic whereas the `fallback()` may panic depending on the calldata length.
53		* ====
54		*/
55		modifier restricted() {
56	19×	_checkCanCall(_msgSender(), _msgData());
57	3×	_;
58		}
59
60		/// @inheritdoc IAccessManaged
61	6×	function authority() public view virtual returns (address) {
62	6×	return _authority;
63		}
64
65		/// @inheritdoc IAccessManaged
66	3×	function setAuthority(address newAuthority) public virtual {
67		address caller = _msgSender();
68	0	if (caller != authority()) {
69	0	revert AccessManagedUnauthorized(caller);
70		}
71	0	if (newAuthority.code.length == 0) {
72	0	revert AccessManagedInvalidAuthority(newAuthority);
73		}
74	1×	_setAuthority(newAuthority);
75		}
76
77		/// @inheritdoc IAccessManaged
78	0	function isConsumingScheduledOp() public view returns (bytes4) {
79	0	return _consumingSchedule ? this.isConsumingScheduledOp.selector : bytes4(0);
80		}
81
82		/**
83		* @dev Transfers control to a new authority. Internal function with no access restriction. Allows bypassing the
84		* permissions set by the current authority.
85		*/
86	3×	function _setAuthority(address newAuthority) internal virtual {
87	12×	_authority = newAuthority;
88	11×	emit AuthorityUpdated(newAuthority);
89		}
90
91		/**
92		* @dev Reverts if the caller is not allowed to call the function identified by a selector. Panics if the calldata
93		* is less than 4 bytes long.
94		*/
95	20×	function _checkCanCall(address caller, bytes calldata data) internal virtual {
96	20×	(bool immediate, uint32 delay) = AuthorityUtils.canCallWithDelay(
97	8×	authority(),
98	2×	caller,
99	2×	address(this),
100	26×	bytes4(data[0:4])
101		);
102	6×	if (!immediate) {
103	10×	if (delay > 0) {
104	0	_consumingSchedule = true;
105	0	IAccessManager(authority()).consumeScheduledOp(caller, data);
106	0	_consumingSchedule = false;
107		} else {
108	12×	revert AccessManagedUnauthorized(caller);
109		}
110		}
111		}
112		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v5.4.0) (utils/Bytes.sol)
3
4		pragma solidity ^0.8.24;
5
6		import {Math} from './Math.sol';
7
8		/**
9		* @dev Bytes operations.
10		*/
11	0	library Bytes {
12		/**
13		* @dev Forward search for `s` in `buffer`
14		* * If `s` is present in the buffer, returns the index of the first instance
15		* * If `s` is not present in the buffer, returns type(uint256).max
16		*
17		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]
18		*/
19		function indexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {
20		return indexOf(buffer, s, 0);
21		}
22
23		/**
24		* @dev Forward search for `s` in `buffer` starting at position `pos`
25		* * If `s` is present in the buffer (at or after `pos`), returns the index of the next instance
26		* * If `s` is not present in the buffer (at or after `pos`), returns type(uint256).max
27		*
28		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf[Javascript's `Array.indexOf`]
29		*/
30		function indexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
31		uint256 length = buffer.length;
32		for (uint256 i = pos; i < length; ++i) {
33		if (bytes1(_unsafeReadBytesOffset(buffer, i)) == s) {
34		return i;
35		}
36		}
37		return type(uint256).max;
38		}
39
40		/**
41		* @dev Backward search for `s` in `buffer`
42		* * If `s` is present in the buffer, returns the index of the last instance
43		* * If `s` is not present in the buffer, returns type(uint256).max
44		*
45		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]
46		*/
47		function lastIndexOf(bytes memory buffer, bytes1 s) internal pure returns (uint256) {
48		return lastIndexOf(buffer, s, type(uint256).max);
49		}
50
51		/**
52		* @dev Backward search for `s` in `buffer` starting at position `pos`
53		* * If `s` is present in the buffer (at or before `pos`), returns the index of the previous instance
54		* * If `s` is not present in the buffer (at or before `pos`), returns type(uint256).max
55		*
56		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/lastIndexOf[Javascript's `Array.lastIndexOf`]
57		*/
58		function lastIndexOf(bytes memory buffer, bytes1 s, uint256 pos) internal pure returns (uint256) {
59		unchecked {
60		uint256 length = buffer.length;
61		for (uint256 i = Math.min(Math.saturatingAdd(pos, 1), length); i > 0; --i) {
62		if (bytes1(_unsafeReadBytesOffset(buffer, i - 1)) == s) {
63		return i - 1;
64		}
65		}
66		return type(uint256).max;
67		}
68		}
69
70		/**
71		* @dev Copies the content of `buffer`, from `start` (included) to the end of `buffer` into a new bytes object in
72		* memory.
73		*
74		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]
75		*/
76		function slice(bytes memory buffer, uint256 start) internal pure returns (bytes memory) {
77		return slice(buffer, start, buffer.length);
78		}
79
80		/**
81		* @dev Copies the content of `buffer`, from `start` (included) to `end` (excluded) into a new bytes object in
82		* memory.
83		*
84		* NOTE: replicates the behavior of https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/slice[Javascript's `Array.slice`]
85		*/
86		function slice(
87		bytes memory buffer,
88		uint256 start,
89		uint256 end
90		) internal pure returns (bytes memory) {
91		// sanitize
92		uint256 length = buffer.length;
93		end = Math.min(end, length);
94		start = Math.min(start, end);
95
96		// allocate and copy
97		bytes memory result = new bytes(end - start);
98		assembly ('memory-safe') {
99		mcopy(add(result, 0x20), add(add(buffer, 0x20), start), sub(end, start))
100		}
101
102		return result;
103		}
104
105		/**
106		* @dev Reads a bytes32 from a bytes array without bounds checking.
107		*
108		* NOTE: making this function internal would mean it could be used with memory unsafe offset, and marking the
109		* assembly block as such would prevent some optimizations.
110		*/
111		function _unsafeReadBytesOffset(
112		bytes memory buffer,
113		uint256 offset
114		) private pure returns (bytes32 value) {
115		// This is not memory safe in the general case, but all calls to this private function are within bounds.
116		assembly ('memory-safe') {
117		value := mload(add(add(buffer, 0x20), offset))
118		}
119		}
120		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v5.2.0) (proxy/ERC1967/ERC1967Proxy.sol)
3
4		pragma solidity ^0.8.22;
5
6		import {Proxy} from './Proxy.sol';
7		import {ERC1967Utils} from './ERC1967Utils.sol';
8
9		/**
10		* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
11		* implementation address that can be changed. This address is stored in storage in the location specified by
12		* https://eips.ethereum.org/EIPS/eip-1967[ERC-1967], so that it doesn't conflict with the storage layout of the
13		* implementation behind the proxy.
14		*/
15	0	contract ERC1967Proxy is Proxy {
16		/**
17		* @dev Initializes the upgradeable proxy with an initial implementation specified by `implementation`.
18		*
19		* If `_data` is nonempty, it's used as data in a delegate call to `implementation`. This will typically be an
20		* encoded function call, and allows initializing the storage of the proxy like a Solidity constructor.
21		*
22		* Requirements:
23		*
24		* - If `data` is empty, `msg.value` must be zero.
25		*/
26	0	constructor(address implementation, bytes memory _data) payable {
27	0	ERC1967Utils.upgradeToAndCall(implementation, _data);
28		}
29
30		/**
31		* @dev Returns the current implementation address.
32		*
33		* TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
34		* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
35		* `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
36		*/
37	0	function _implementation() internal view virtual override returns (address) {
38	0	return ERC1967Utils.getImplementation();
39		}
40		}

1		// SPDX-License-Identifier: MIT
2		// OpenZeppelin Contracts (last updated v5.4.0) (proxy/ERC1967/ERC1967Utils.sol)
3
4		pragma solidity ^0.8.21;
5
6		import {IBeacon} from './IBeacon.sol';
7		import {IERC1967} from './IERC1967.sol';
8		import {Address} from './Address.sol';
9		import {StorageSlot} from './StorageSlot.sol';
10
11		/**
12		* @dev This library provides getters and event emitting update functions for
13		* https://eips.ethereum.org/EIPS/eip-1967[ERC-1967] slots.
14		*/
15	0	library ERC1967Utils {
16		/**
17		* @dev Storage slot with the address of the current implementation.
18		* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1.
19		*/
20		// solhint-disable-next-line private-vars-leading-underscore
21		bytes32 internal constant IMPLEMENTATION_SLOT =
22	0	0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
23
24		/**
25		* @dev The `implementation` of the proxy is invalid.
26		*/
27		error ERC1967InvalidImplementation(address implementation);
28
29		/**
30		* @dev The `admin` of the proxy is invalid.
31		*/
32		error ERC1967InvalidAdmin(address admin);
33
34		/**
35		* @dev The `beacon` of the proxy is invalid.
36		*/
37		error ERC1967InvalidBeacon(address beacon);
38
39		/**
40		* @dev An upgrade function sees `msg.value > 0` that may be lost.
41		*/
42		error ERC1967NonPayable();
43
44		/**
45		* @dev Returns the current implementation address.
46		*/
47	0	function getImplementation() internal view returns (address) {
48	0	return StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value;
49		}
50
51		/**
52		* @dev Stores a new address in the ERC-1967 implementation slot.
53		*/
54	0	function _setImplementation(address newImplementation) private {
55	0	if (newImplementation.code.length == 0) {
56	0	revert ERC1967InvalidImplementation(newImplementation);
57		}
58	0	StorageSlot.getAddressSlot(IMPLEMENTATION_SLOT).value = newImplementation;
59		}
60
61		/**
62		* @dev Performs implementation upgrade with additional setup call if data is nonempty.
63		* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
64		* to avoid stuck value in the contract.
65		*
66		* Emits an {IERC1967-Upgraded} event.
67		*/
68	0	function upgradeToAndCall(address newImplementation, bytes memory data) internal {
69	0	_setImplementation(newImplementation);
70	0	emit IERC1967.Upgraded(newImplementation);
71
72	0	if (data.length > 0) {
73	0	Address.functionDelegateCall(newImplementation, data);
74		} else {
75	0	_checkNonPayable();
76		}
77		}
78
79		/**
80		* @dev Storage slot with the admin of the contract.
81		* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1.
82		*/
83		// solhint-disable-next-line private-vars-leading-underscore
84		bytes32 internal constant ADMIN_SLOT =
85		0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
86
87		/**
88		* @dev Returns the current admin.
89		*
90		* TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
91		* the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
92		* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
93		*/
94	0	function getAdmin() internal view returns (address) {
95	0	return StorageSlot.getAddressSlot(ADMIN_SLOT).value;
96		}
97
98		/**
99		* @dev Stores a new address in the ERC-1967 admin slot.
100		*/
101	0	function _setAdmin(address newAdmin) private {
102	0	if (newAdmin == address(0)) {
103	0	revert ERC1967InvalidAdmin(address(0));
104		}
105	0	StorageSlot.getAddressSlot(ADMIN_SLOT).value = newAdmin;
106		}
107
108		/**
109		* @dev Changes the admin of the proxy.
110		*
111		* Emits an {IERC1967-AdminChanged} event.
112		*/
113	0	function changeAdmin(address newAdmin) internal {
114	0	emit IERC1967.AdminChanged(getAdmin(), newAdmin);
115	0	_setAdmin(newAdmin);
116		}
117
118		/**
119		* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
120		* This is the keccak-256 hash of "eip1967.proxy.beacon" subtracted by 1.
121		*/
122		// solhint-disable-next-line private-vars-leading-underscore
123		bytes32 internal constant BEACON_SLOT =
124		0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
125
126		/**
127		* @dev Returns the current beacon.
128		*/
129		function getBeacon() internal view returns (address) {
130		return StorageSlot.getAddressSlot(BEACON_SLOT).value;
131		}
132
133		/**
134		* @dev Stores a new beacon in the ERC-1967 beacon slot.
135		*/
136		function _setBeacon(address newBeacon) private {
137		if (newBeacon.code.length == 0) {
138		revert ERC1967InvalidBeacon(newBeacon);
139		}
140
141		StorageSlot.getAddressSlot(BEACON_SLOT).value = newBeacon;
142
143		address beaconImplementation = IBeacon(newBeacon).implementation();
144		if (beaconImplementation.code.length == 0) {
145		revert ERC1967InvalidImplementation(beaconImplementation);
146		}
147		}
148
149		/**
150		* @dev Change the beacon and trigger a setup call if data is nonempty.
151		* This function is payable only if the setup call is performed, otherwise `msg.value` is rejected
152		* to avoid stuck value in the contract.
153		*
154		* Emits an {IERC1967-BeaconUpgraded} event.
155		*
156		* CAUTION: Invoking this function has no effect on an instance of {BeaconProxy} since v5, since
157		* it uses an immutable beacon without looking at the value of the ERC-1967 beacon slot for
158		* efficiency.
159		*/
160		function upgradeBeaconToAndCall(address newBeacon, bytes memory data) internal {
161		_setBeacon(newBeacon);
162		emit IERC1967.BeaconUpgraded(newBeacon);
163
164		if (data.length > 0) {
165		Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
166		} else {
167		_checkNonPayable();
168		}
169		}
170
171		/**
172		* @dev Reverts if `msg.value` is not zero. It can be used to avoid `msg.value` stuck in the contract
173		* if an upgrade doesn't perform an initialization call.
174		*/
175	0	function _checkNonPayable() private {
176	0	if (msg.value > 0) {
177	0	revert ERC1967NonPayable();
178		}
179		}
180		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.4;
3
4		/// @notice Contract for EIP-712 typed structured data hashing and signing.
5		/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/EIP712.sol)
6		/// @author Modified from Solbase (https://github.com/Sol-DAO/solbase/blob/main/src/utils/EIP712.sol)
7		/// @author Modified from OpenZeppelin (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/EIP712.sol)
8		///
9		/// @dev Note, this implementation:
10		/// - Uses `address(this)` for the `verifyingContract` field.
11		/// - Does NOT use the optional EIP-712 salt.
12		/// - Does NOT use any EIP-712 extensions.
13		/// This is for simplicity and to save gas.
14		/// If you need to customize, please fork / modify accordingly.
15		abstract contract EIP712 {
16		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
17		/* CONSTANTS AND IMMUTABLES */
18		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
19
20		/// @dev `keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)")`.
21		bytes32 internal constant _DOMAIN_TYPEHASH =
22		0x8b73c3c69bb8fe3d512ecc4cf759cc79239f7b179b0ffacaa9a75d522b39400f;
23
24		uint256 private immutable _cachedThis;
25		uint256 private immutable _cachedChainId;
26		bytes32 private immutable _cachedNameHash;
27		bytes32 private immutable _cachedVersionHash;
28		bytes32 private immutable _cachedDomainSeparator;
29
30		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
31		/* CONSTRUCTOR */
32		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
33
34		/// @dev Cache the hashes for cheaper runtime gas costs.
35		/// In the case of upgradeable contracts (i.e. proxies),
36		/// or if the chain id changes due to a hard fork,
37		/// the domain separator will be seamlessly calculated on-the-fly.
38		constructor() {
39	3×	_cachedThis = uint256(uint160(address(this)));
40	3×	_cachedChainId = block.chainid;
41
42	2×	string memory name;
43		string memory version;
44	2×	if (!_domainNameAndVersionMayChange()) (name, version) = _domainNameAndVersion();
45	11×	bytes32 nameHash = _domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(name));
46	10×	bytes32 versionHash = _domainNameAndVersionMayChange() ? bytes32(0) : keccak256(bytes(version));
47	4×	_cachedNameHash = nameHash;
48	4×	_cachedVersionHash = versionHash;
49
50		bytes32 separator;
51		if (!_domainNameAndVersionMayChange()) {
52		/// @solidity memory-safe-assembly
53		assembly {
54	3×	let m := mload(0x40) // Load the free memory pointer.
55	5×	mstore(m, _DOMAIN_TYPEHASH)
56	7×	mstore(add(m, 0x20), nameHash)
57	7×	mstore(add(m, 0x40), versionHash)
58	5×	mstore(add(m, 0x60), chainid())
59	5×	mstore(add(m, 0x80), address())
60	4×	separator := keccak256(m, 0xa0)
61		}
62		}
63	2×	_cachedDomainSeparator = separator;
64		}
65
66		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
67		/* FUNCTIONS TO OVERRIDE */
68		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
69
70		/// @dev Please override this function to return the domain name and version.
71		/// ```
72		/// function _domainNameAndVersion()
73		/// internal
74		/// pure
75		/// virtual
76		/// returns (string memory name, string memory version)
77		/// {
78		/// name = "Solady";
79		/// version = "1";
80		/// }
81		/// ```
82		///
83		/// Note: If the returned result may change after the contract has been deployed,
84		/// you must override `_domainNameAndVersionMayChange()` to return true.
85		function _domainNameAndVersion()
86		internal
87		view
88		virtual
89		returns (string memory name, string memory version);
90
91		/// @dev Returns if `_domainNameAndVersion()` may change
92		/// after the contract has been deployed (i.e. after the constructor).
93		/// Default: false.
94		function _domainNameAndVersionMayChange() internal pure virtual returns (bool result) {}
95
96		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
97		/* HASHING OPERATIONS */
98		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
99
100		/// @dev Returns the EIP-712 domain separator.
101	0	function _domainSeparator() internal view virtual returns (bytes32 separator) {
102		if (_domainNameAndVersionMayChange()) {
103		separator = _buildDomainSeparator();
104		} else {
105	0	separator = _cachedDomainSeparator;
106	0	if (_cachedDomainSeparatorInvalidated()) separator = _buildDomainSeparator();
107		}
108		}
109
110		/// @dev Returns the hash of the fully encoded EIP-712 message for this domain,
111		/// given `structHash`, as defined in
112		/// https://eips.ethereum.org/EIPS/eip-712#definition-of-hashstruct.
113		///
114		/// The hash can be used together with {ECDSA-recover} to obtain the signer of a message:
115		/// ```
116		/// bytes32 digest = _hashTypedData(keccak256(abi.encode(
117		/// keccak256("Mail(address to,string contents)"),
118		/// mailTo,
119		/// keccak256(bytes(mailContents))
120		/// )));
121		/// address signer = ECDSA.recover(digest, signature);
122		/// ```
123	0	function _hashTypedData(bytes32 structHash) internal view virtual returns (bytes32 digest) {
124		// We will use `digest` to store the domain separator to save a bit of gas.
125		if (_domainNameAndVersionMayChange()) {
126		digest = _buildDomainSeparator();
127		} else {
128	0	digest = _cachedDomainSeparator;
129	0	if (_cachedDomainSeparatorInvalidated()) digest = _buildDomainSeparator();
130		}
131		/// @solidity memory-safe-assembly
132		assembly {
133		// Compute the digest.
134	0	mstore(0x00, 0x1901000000000000) // Store "\x19\x01".
135	0	mstore(0x1a, digest) // Store the domain separator.
136	0	mstore(0x3a, structHash) // Store the struct hash.
137	0	digest := keccak256(0x18, 0x42)
138		// Restore the part of the free memory slot that was overwritten.
139	0	mstore(0x3a, 0)
140		}
141		}
142
143		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
144		/* EIP-5267 OPERATIONS */
145		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
146
147		/// @dev See: https://eips.ethereum.org/EIPS/eip-5267
148	0	function eip712Domain()
149		public
150		view
151		virtual
152		returns (
153	0	bytes1 fields,
154	0	string memory name,
155		string memory version,
156		uint256 chainId,
157		address verifyingContract,
158		bytes32 salt,
159		uint256[] memory extensions
160		)
161		{
162		fields = hex'0f'; // `0b01111`.
163	0	(name, version) = _domainNameAndVersion();
164	0	chainId = block.chainid;
165	0	verifyingContract = address(this);
166		salt = salt; // `bytes32(0)`.
167		extensions = extensions; // `new uint256[](0)`.
168		}
169
170		/´:°•.°+.•´.:˚.°.˚•´.°:°•.°•.•´.:˚.°.˚•´.°:°•.°+.•´.:/
171		/* PRIVATE HELPERS */
172		/.•°:°.´+˚.°.˚:.´•.+°.•°:´.´•.•°.•°:°.´:•˚°.°.˚:.´+°.•*/
173
174		/// @dev Returns the EIP-712 domain separator.
175	0	function _buildDomainSeparator() private view returns (bytes32 separator) {
176		// We will use `separator` to store the name hash to save a bit of gas.
177		bytes32 versionHash;
178		if (_domainNameAndVersionMayChange()) {
179		(string memory name, string memory version) = _domainNameAndVersion();
180		separator = keccak256(bytes(name));
181		versionHash = keccak256(bytes(version));
182		} else {
183	0	separator = _cachedNameHash;
184	0	versionHash = _cachedVersionHash;
185		}
186		/// @solidity memory-safe-assembly
187		assembly {
188	0	let m := mload(0x40) // Load the free memory pointer.
189	0	mstore(m, _DOMAIN_TYPEHASH)
190	0	mstore(add(m, 0x20), separator) // Name hash.
191	0	mstore(add(m, 0x40), versionHash)
192	0	mstore(add(m, 0x60), chainid())
193	0	mstore(add(m, 0x80), address())
194	0	separator := keccak256(m, 0xa0)
195		}
196		}
197
198		/// @dev Returns if the cached domain separator has been invalidated.
199	0	function _cachedDomainSeparatorInvalidated() private view returns (bool result) {
200	0	uint256 cachedChainId = _cachedChainId;
201	0	uint256 cachedThis = _cachedThis;
202		/// @solidity memory-safe-assembly
203		assembly {
204	0	result := iszero(and(eq(chainid(), cachedChainId), eq(address(), cachedThis)))
205		}
206		}
207		}

1		// SPDX-License-Identifier: MIT
2		pragma solidity ^0.8.4;
3
4		// trimmed https://github.com/Vectorized/solady/blob/ba711c9fa6a2dc7b2b7707f7fe136b5133379c03/src/utils/LibBit.sol
5
6		/// @notice Library for bit twiddling and boolean operations.
7		/// @author Solady (https://github.com/vectorized/solady/blob/main/src/utils/LibBit.sol)
8		/// @author Inspired by (https://graphics.stanford.edu/~seander/bithacks.html)
9	0	library LibBit {
10		/// @dev Returns the number of set bits in `x`.
11	1×	function popCount(uint256 x) internal pure returns (uint256 c) {
12		/// @solidity memory-safe-assembly
13		assembly {
14		let max := not(0)
15	4×	let isMax := eq(x, max)
16	7×	x := sub(x, and(shr(1, x), div(max, 3)))
17	11×	x := add(and(x, div(max, 5)), and(shr(2, x), div(max, 5)))
18	7×	x := and(add(x, shr(4, x)), div(max, 17))
19	8×	c := or(shl(8, isMax), shr(248, mul(x, div(max, 255))))
20		}
21		}
22
23		/// @dev Find last set.
24		/// Returns the index of the most significant bit of `x`,
25		/// counting from the least significant bit position.
26		/// If `x` is zero, returns 256.
27	2×	function fls(uint256 x) internal pure returns (uint256 r) {
28		/// @solidity memory-safe-assembly
29		assembly {
30	8×	r := or(shl(8, iszero(x)), shl(7, lt(0xffffffffffffffffffffffffffffffff, x)))
31	7×	r := or(r, shl(6, lt(0xffffffffffffffff, shr(r, x))))
32	8×	r := or(r, shl(5, lt(0xffffffff, shr(r, x))))
33	8×	r := or(r, shl(4, lt(0xffff, shr(r, x))))
34	8×	r := or(r, shl(3, lt(0xff, shr(r, x))))
35		// forgefmt: disable-next-item
36	2×	r := or(
37		r,
38	1×	byte(
39	7×	and(0x1f, shr(shr(r, x), 0x8421084210842108cc6318c6db6d54be)),
40	1×	0x0706060506020504060203020504030106050205030304010505030400000000
41		)
42		)
43		}
44		}
45		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {Setup} from "./Setup.sol";
5		import {ISpoke} from "src/spoke/interfaces/ISpoke.sol";
6		import {LiquidationLogic} from "src/spoke/libraries/LiquidationLogic.sol";
7
8
9		// ghost variables for tracking state variable values before and after function calls
10		abstract contract BeforeAfter is Setup {
11		enum Operation {
12		None,
13		SetPrice
14		}
15
16		struct Vars {
17		bool isAnyUserLiquidatable;
18		Operation operation;
19		}
20
21		Vars internal _before;
22		Vars internal _after;
23
24		mapping(uint256 assetId => uint256 maxDrawnIndexSeen) internal ghost_maxDrawnIndexSeen;
25		mapping(uint256 assetId => uint256 maxSupplySharePriceAssetsSeen) internal ghost_maxSupplySharePriceAssetsSeen;
26		mapping(uint256 assetId => uint256 maxSupplySharePriceSharesSeen) internal ghost_maxSupplySharePriceSharesSeen;
27
28		/// === MODIFIERS === ///
29		/// Prank admin and actor
30
31		modifier asAdmin {
32	423×	vm.startPrank(ADMIN);
33	36×	__before();
34		_;
35	26×	__after();
36	134×	vm.stopPrank();
37		}
38
39		modifier asActor {
40	416×	vm.startPrank(address(_getActor()));
41	32×	__before();
42		_;
43	11×	__after();
44	86×	vm.stopPrank();
45		}
46
47	1×	function __before() internal {
48	4×	__snapshot(_before);
49		}
50
51	1×	function __after() internal {
52	4×	__snapshot(_after);
53		}
54
55	1×	function __snapshot(Vars storage vars) internal {
56	2×	vars.isAnyUserLiquidatable = false;
57	3×	vars.operation = Operation.None;
58
59	5×	address[] memory actors = _getActors();
60	12×	for(uint256 i = 0; i < actors.length; i++) {
61	24×	address actor = actors[i];
62	67×	ISpoke.UserAccountData memory actorAccountData = iSpoke.getUserAccountData(actor);
63	21×	vars.isAnyUserLiquidatable = vars.isAnyUserLiquidatable \|\| (actorAccountData.healthFactor < LiquidationLogic.HEALTH_FACTOR_LIQUIDATION_THRESHOLD);
64		}
65		}
66
67	2×	function _updateMonotonicGhosts(uint256 assetId) internal {
68	61×	uint256 currentDrawnIndex = iHub.getAssetDrawnIndex(assetId);
69	17×	if (currentDrawnIndex > ghost_maxDrawnIndexSeen[assetId]) {
70	13×	ghost_maxDrawnIndexSeen[assetId] = currentDrawnIndex;
71		}
72
73	60×	uint256 addedShares = iHub.getAddedShares(assetId);
74	4×	if (addedShares > 0) {
75	61×	uint256 addedAssets = iHub.getAddedAssets(assetId);
76	15×	uint256 maxAssets = ghost_maxSupplySharePriceAssetsSeen[assetId];
77	8×	uint256 maxShares = ghost_maxSupplySharePriceSharesSeen[assetId];
78	23×	if (maxShares == 0 \|\| maxAssets * addedShares <= addedAssets * maxShares) {
79	17×	ghost_maxSupplySharePriceAssetsSeen[assetId] = addedAssets;
80	10×	ghost_maxSupplySharePriceSharesSeen[assetId] = addedShares;
81		}
82		}
83		}
84		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {CryticAsserts} from "@chimera/CryticAsserts.sol";
5
6		import {TargetFunctions} from "./TargetFunctions.sol";
7
8		// echidna tests/recon/CryticTester.sol --contract CryticTester --config echidna.yaml --format text --workers 32 --test-limit 1000000000
9		// medusa fuzz
10	378×	contract CryticTester is TargetFunctions, CryticAsserts {
11		constructor() payable {
12	4×	setup();
13		}
14		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {Asserts} from "@chimera/Asserts.sol";
5		import {BeforeAfter} from "./BeforeAfter.sol";
6
7		/// @notice Invariants are written to support both Echidna property mode (bool) and optimization mode (int256).
8		/// @dev Default is property mode; to switch, run:
9		/// `sed -i '' -e 's/OPTIMIZATION_MODE = false/OPTIMIZATION_MODE = true/' -e 's/public returns (bool)/public returns (int256 maxViolation)/g' -e 's/return maxViolation <= 0;/return maxViolation;/g' tests/recon/Properties.sol`
10		/// This keeps the same invariant logic but changes the return type and value so fuzzers can optimize on a
11		/// signed percentage target where <= 0 is success and > 0 is a violation, while skipping assertions.
12		abstract contract Properties is BeforeAfter, Asserts {
13	3×	int256 internal constant PERCENT = int256(1e18);
14		bool internal constant OPTIMIZATION_MODE = false;
15
16		/// @dev Avoids Low likelihood scenarios in Audit Contest
17	2×	uint256 internal constant MIN_TOTAL_SUPPLIED = 1e6;
18
19		string constant ASSERTION_LIQUIDATION_CALL_DOS = "!!! iSpoke_liquidationCall DoS";
20		string constant ASSERTION_REPAY_DOS = "!!! iSpoke_repay DoS";
21		string constant ASSERTION_SUPPLY_DOS = "!!! iSpoke_supply DoS";
22		string constant ASSERTION_WITHDRAW_DOS = "!!! iSpoke_withdraw DoS";
23		string constant ASSERTION_MINT_FEE_SHARES_PPS_CHANGE = "!!! iHub_mintFeeShares PPS change";
24		string constant ASSERTION_CANARY = "!!! canary assertion";
25
26		/// @dev Avoids invalidated issues by only implementing pre-vetted list of Audit Contest invariants
27		/// @dev Reference https://audits.sherlock.xyz/contests/1209
28		string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V0 =
29		"Invariant 1: Total borrowed assets <= total supplied assets (v0)";
30		string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V1 =
31		"Invariant 1: Total borrowed assets <= total supplied assets (v1)";
32		string constant INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V2 =
33		"Invariant 1: Total borrowed assets <= total supplied assets (v2)";
34		string constant INVARIANT_2_TOTAL_BORROWED_SHARES_MATCHES_SPOKE_SUM =
35		"Invariant 2: Total borrowed shares == sum of Spoke debt shares";
36		string constant INVARIANT_3_HUB_ADDED_ASSETS_GREATER_THAN_SPOKE_SUM =
37		"Invariant 3: Hub added assets >= sum of Spoke added assets (converted from shares)";
38		string constant INVARIANT_4_HUB_ADDED_SHARES_MATCHES_SPOKE_SUM =
39		"Invariant 4: Hub added shares == sum of Spoke added shares";
40		string constant INVARIANT_5_SUPPLY_SHARE_PRICE_AND_DRAWN_INDEX_MONOTONIC =
41		"Invariant 5: Supply share price and drawn index cannot decrease";
42
43		/// @dev Add extra 'Holy grail' property
44		string constant INVARIANT_HOLY_GRAIL_SHOULD_NOT_BECOME_LIQUIDATABLE =
45		"Holy grail: Users should not become liquidatable except by price change";
46		string constant INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE = "Canary invariant";
47
48	2×	function _relativeDiff(int256 diff, uint256 denom) internal pure returns (int256) {
49	6×	if (denom == 0) {
50	6×	if (diff == 0) {
51	3×	return 0;
52		}
53	11×	return diff > 0 ? type(int256).max : type(int256).min;
54		}
55	11×	return (diff * PERCENT) / int256(denom);
56		}
57
58	2×	function _abs(int256 value) internal pure returns (int256) {
59	8×	return value < 0 ? -value : value;
60		}
61
62		/// @notice Invariant 1: Total borrowed assets <= total supplied assets (v0)
63		/// @dev Uses definition assumed by the auditors
64	8×	function invariant_totalBorrowedLessThanSupplied_v0() public returns (bool) {
65	69×	uint256 assetCount = iHub.getAssetCount();
66	1×	int256 maxViolation = type(int256).min;
67
68	16×	for (uint256 i = 0; i < assetCount; i++) {
69	61×	uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
70	63×	uint256 totalSupplied = iHub.getAddedShares(i);
71
72	12×	int256 diff = totalBorrowed >= totalSupplied
73	6×	? int256(totalBorrowed - totalSupplied)
74	11×	: -int256(totalSupplied - totalBorrowed);
75	9×	int256 relativeDiff = _relativeDiff(diff, totalSupplied);
76	7×	if (relativeDiff > maxViolation) {
77	3×	maxViolation = relativeDiff;
78		}
79		}
80		if (!OPTIMIZATION_MODE) {
81	25×	t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V0);
82		}
83	3×	return maxViolation <= 0;
84		}
85
86		/// @notice Invariant 1: Total borrowed assets <= total supplied assets (v1)
87		/// @dev Uses definition provided by the protocol team
88	6×	function invariant_totalBorrowedLessThanSupplied_v1() public returns (bool) {
89	69×	uint256 assetCount = iHub.getAssetCount();
90	1×	int256 maxViolation = type(int256).min;
91
92	17×	for (uint256 i = 0; i < assetCount; i++) {
93	61×	uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
94	190×	uint256 totalSupplied = iHub.previewRemoveByShares(i, iHub.getAddedShares(i)) + iHub.getAssetAccruedFees(i);
95
96	5×	if (totalSupplied <= MIN_TOTAL_SUPPLIED) {
97	4×	continue;
98		}
99
100	12×	int256 diff = totalBorrowed >= totalSupplied
101	6×	? int256(totalBorrowed - totalSupplied)
102	11×	: -int256(totalSupplied - totalBorrowed);
103	9×	int256 relativeDiff = _relativeDiff(diff, totalSupplied);
104	7×	if (relativeDiff > maxViolation) {
105	3×	maxViolation = relativeDiff;
106		}
107		}
108		if (!OPTIMIZATION_MODE) {
109	24×	t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V1);
110		}
111		return maxViolation <= 0;
112		}
113
114		/// @notice Invariant 1: Total borrowed assets <= total supplied assets (v2)
115		/// @dev Uses definition provided by the protocol team with auditors fix
116	6×	function invariant_totalBorrowedLessThanSupplied_v2() public returns (bool) {
117	69×	uint256 assetCount = iHub.getAssetCount();
118	1×	int256 maxViolation = type(int256).min;
119
120	17×	for (uint256 i = 0; i < assetCount; i++) {
121	61×	uint256 totalBorrowed = iHub.getAssetTotalOwed(i);
122	128×	uint256 totalSupplied = iHub.getAddedAssets(i) + iHub.getAssetAccruedFees(i);
123
124	5×	if (totalSupplied <= MIN_TOTAL_SUPPLIED) {
125	4×	continue;
126		}
127
128	12×	int256 diff = totalBorrowed >= totalSupplied
129	6×	? int256(totalBorrowed - totalSupplied)
130	11×	: -int256(totalSupplied - totalBorrowed);
131	9×	int256 relativeDiff = _relativeDiff(diff, totalSupplied);
132	7×	if (relativeDiff > maxViolation) {
133	3×	maxViolation = relativeDiff;
134		}
135		}
136		if (!OPTIMIZATION_MODE) {
137	24×	t(maxViolation <= 0, INVARIANT_1_TOTAL_BORROWED_LESS_THAN_SUPPLIED_V2);
138		}
139		return maxViolation <= 0;
140		}
141
142		/// @notice Invariant 2: Total borrowed shares == sum of Spoke debt shares
143	6×	function invariant_totalBorrowedSharesMatchesSpokeSum() public returns (bool) {
144	69×	uint256 assetCount = iHub.getAssetCount();
145	1×	int256 maxViolation = type(int256).min;
146
147	16×	for (uint256 i = 0; i < assetCount; i++) {
148	61×	uint256 hubDrawnShares = iHub.getAssetDrawnShares(i);
149	62×	uint256 spokesCount = iHub.getSpokeCount(i);
150
151	2×	uint256 sumSpokeDrawnShares = 0;
152	13×	for (uint256 j = 0; j < spokesCount; j++) {
153	63×	address spoke = iHub.getSpokeAddress(i, j);
154	70×	sumSpokeDrawnShares += iHub.getSpokeDrawnShares(i, spoke);
155		}
156
157	10×	int256 diff = hubDrawnShares >= sumSpokeDrawnShares
158	6×	? int256(hubDrawnShares - sumSpokeDrawnShares)
159	0	: -int256(sumSpokeDrawnShares - hubDrawnShares);
160	13×	int256 relativeDiff = _relativeDiff(_abs(diff), sumSpokeDrawnShares);
161	7×	if (relativeDiff > maxViolation) {
162	3×	maxViolation = relativeDiff;
163		}
164		}
165		if (!OPTIMIZATION_MODE) {
166	24×	t(maxViolation <= 0, INVARIANT_2_TOTAL_BORROWED_SHARES_MATCHES_SPOKE_SUM);
167		}
168		return maxViolation <= 0;
169		}
170
171		/// @notice Invariant 3: Hub added assets >= sum of Spoke added assets (converted from shares)
172	6×	function invariant_hubAddedAssetsGreaterThanSpokeSum() public returns (bool) {
173	69×	uint256 assetCount = iHub.getAssetCount();
174	1×	int256 maxViolation = type(int256).min;
175
176	16×	for (uint256 i = 0; i < assetCount; i++) {
177	61×	uint256 addedShares = iHub.getAddedShares(i);
178	63×	uint256 hubAddedAssets = iHub.previewRemoveByShares(i, addedShares);
179	62×	uint256 spokesCount = iHub.getSpokeCount(i);
180
181	2×	uint256 sumSpokeAddedAssets = 0;
182	13×	for (uint256 j = 0; j < spokesCount; j++) {
183	63×	address spoke = iHub.getSpokeAddress(i, j);
184	70×	sumSpokeAddedAssets += iHub.getSpokeAddedAssets(i, spoke);
185		}
186
187	12×	int256 diff = sumSpokeAddedAssets >= hubAddedAssets
188	6×	? int256(sumSpokeAddedAssets - hubAddedAssets)
189	11×	: -int256(hubAddedAssets - sumSpokeAddedAssets);
190	9×	int256 relativeDiff = _relativeDiff(diff, sumSpokeAddedAssets);
191	7×	if (relativeDiff > maxViolation) {
192	3×	maxViolation = relativeDiff;
193		}
194		}
195		if (!OPTIMIZATION_MODE) {
196	24×	t(maxViolation <= 0, INVARIANT_3_HUB_ADDED_ASSETS_GREATER_THAN_SPOKE_SUM);
197		}
198		return maxViolation <= 0;
199		}
200
201		/// @notice Invariant 4: Hub added shares == sum of Spoke added shares
202	6×	function invariant_hubAddedSharesMatchesSpokeSum() public returns (bool) {
203	69×	uint256 assetCount = iHub.getAssetCount();
204	1×	int256 maxViolation = type(int256).min;
205
206	16×	for (uint256 i = 0; i < assetCount; i++) {
207	61×	uint256 hubAddedShares = iHub.getAddedShares(i);
208	62×	uint256 spokesCount = iHub.getSpokeCount(i);
209
210	2×	uint256 sumSpokeAddedShares = 0;
211	13×	for (uint256 j = 0; j < spokesCount; j++) {
212	63×	address spoke = iHub.getSpokeAddress(i, j);
213	70×	sumSpokeAddedShares += iHub.getSpokeAddedShares(i, spoke);
214		}
215
216	10×	int256 diff = hubAddedShares >= sumSpokeAddedShares
217	6×	? int256(hubAddedShares - sumSpokeAddedShares)
218	0	: -int256(sumSpokeAddedShares - hubAddedShares);
219	9×	int256 relativeDiff = _relativeDiff(_abs(diff), sumSpokeAddedShares);
220	7×	if (relativeDiff > maxViolation) {
221	3×	maxViolation = relativeDiff;
222		}
223		}
224		if (!OPTIMIZATION_MODE) {
225	24×	t(maxViolation <= 0, INVARIANT_4_HUB_ADDED_SHARES_MATCHES_SPOKE_SUM);
226		}
227		return maxViolation <= 0;
228		}
229
230		/// @notice Invariant 5: Supply share price and drawn index cannot decrease
231	6×	function invariant_supplySharePriceAndDrawnIndexMonotonic() public returns (bool) {
232	69×	uint256 assetCount = iHub.getAssetCount();
233	1×	int256 maxViolation = type(int256).min;
234
235	12×	for (uint256 i = 0; i < assetCount; i++) {
236	61×	uint256 currentDrawnIndex = iHub.getAssetDrawnIndex(i);
237	11×	uint256 maxDrawnIndexSeen = ghost_maxDrawnIndexSeen[i];
238
239	7×	if (maxDrawnIndexSeen > 0) {
240	10×	int256 diff = currentDrawnIndex >= maxDrawnIndexSeen
241	11×	? -int256(currentDrawnIndex - maxDrawnIndexSeen)
242	0	: int256(maxDrawnIndexSeen - currentDrawnIndex);
243	9×	int256 relativeDiff = _relativeDiff(diff, maxDrawnIndexSeen);
244	7×	if (relativeDiff > maxViolation) {
245	3×	maxViolation = relativeDiff;
246		}
247		}
248
249	60×	uint256 addedShares = iHub.getAddedShares(i);
250	8×	if (addedShares > 0) {
251	61×	uint256 addedAssets = iHub.getAddedAssets(i);
252	15×	uint256 maxAssets = ghost_maxSupplySharePriceAssetsSeen[i];
253	8×	uint256 maxShares = ghost_maxSupplySharePriceSharesSeen[i];
254
255	9×	if (maxShares > 0) {
256	8×	uint256 lhs = addedAssets * maxShares;
257	9×	uint256 rhs = maxAssets * addedShares;
258	29×	int256 diff = lhs >= rhs ? -int256(lhs - rhs) : int256(rhs - lhs);
259	9×	int256 relativeDiff = _relativeDiff(diff, rhs);
260	7×	if (relativeDiff > maxViolation) {
261	3×	maxViolation = relativeDiff;
262		}
263		}
264		}
265
266	5×	_updateMonotonicGhosts(i);
267		}
268		if (!OPTIMIZATION_MODE) {
269	24×	t(maxViolation <= 0, INVARIANT_5_SUPPLY_SHARE_PRICE_AND_DRAWN_INDEX_MONOTONIC);
270		}
271		return maxViolation <= 0;
272		}
273
274		/// @dev Reference https://www.certora.com/blog/the-holy-grail
275	6×	function invariant_shouldNotBecomeLiquidatable() public returns (bool) {
276		int256 maxViolation = type(int256).min;
277	20×	if (_after.operation != Operation.SetPrice) {
278	24×	int256 diff = (_before.isAnyUserLiquidatable \|\| !_after.isAnyUserLiquidatable) ? int256(0) : PERCENT;
279	7×	if (diff > maxViolation) {
280	3×	maxViolation = diff;
281		}
282		}
283		if (!OPTIMIZATION_MODE) {
284	24×	t(maxViolation <= 0, INVARIANT_HOLY_GRAIL_SHOULD_NOT_BECOME_LIQUIDATABLE);
285		}
286		return maxViolation <= 0;
287		}
288
289		/// @dev Canary assertion helper. A failing input is expected to be discovered during fuzzing.
290	15×	function assert_canary_ASSERTION_CANARY(uint256 entropy) public {
291	24×	t(entropy > 0, ASSERTION_CANARY);
292		}
293
294		/// @dev Canary global invariant expected to fail immediately.
295	19×	function invariant_canary() public returns (bool) {
296		int256 maxViolation = PERCENT;
297		if (!OPTIMIZATION_MODE) {
298	24×	t(maxViolation <= 0, INVARIANT_CANARY_GLOBAL_INVARIANT_FAILURE);
299		}
300	3×	return maxViolation <= 0;
301		}
302		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		// Chimera deps
5		import {BaseSetup} from "@chimera/BaseSetup.sol";
6		import {vm} from "@chimera/Hevm.sol";
7
8		// Managers
9		import {ActorManager} from "@recon/ActorManager.sol";
10		import {AssetManager} from "@recon/AssetManager.sol";
11
12		// Helpers
13		import {Utils as ReconUtils} from "@recon/Utils.sol";
14
15		// Your deps
16		import "src/spoke/interfaces/IAaveOracle.sol";
17		import "src/hub/interfaces/IHub.sol";
18		import "src/spoke/interfaces/ISpoke.sol";
19
20		import "tests/Base.t.sol";
21
22		abstract contract Setup is BaseSetup, ActorManager, AssetManager, ReconUtils, Base {
23		mapping(address underlying => uint256 maxAmount) internal _maxByUnderlying;
24
25		IAaveOracle iAaveOracle;
26		IHub iHub;
27		ISpoke iSpoke;
28
29		/// === Setup === ///
30		/// This contains all calls to be performed in the tester constructor, both for Echidna and Foundry
31	2×	function setup() internal virtual override {
32	4×	deployFixtures();
33	4×	initEnvironment();
34
35	15×	iAaveOracle = oracle1;
36	16×	iHub = hub1;
37	14×	iSpoke = spoke1;
38
39	8×	_addAsset(address(tokenList.weth));
40	98×	_maxByUnderlying[address(tokenList.weth)] = 10e3 * 10 ** tokenList.weth.decimals();
41	8×	_addAsset(address(tokenList.usdx));
42	98×	_maxByUnderlying[address(tokenList.usdx)] = 100e3 * 10 ** tokenList.usdx.decimals();
43	8×	_addAsset(address(tokenList.dai));
44	98×	_maxByUnderlying[address(tokenList.dai)] = 100e3 * 10 ** tokenList.dai.decimals();
45	8×	_addAsset(address(tokenList.wbtc));
46	98×	_maxByUnderlying[address(tokenList.wbtc)] = 10e3 * 10 ** tokenList.wbtc.decimals();
47	8×	_addAsset(address(tokenList.usdy));
48	98×	_maxByUnderlying[address(tokenList.usdy)] = 100e3 * 10 ** tokenList.usdy.decimals();
49	8×	_addAsset(address(tokenList.usdz));
50	96×	_maxByUnderlying[address(tokenList.usdz)] = 100e3 * 10 ** tokenList.usdz.decimals();
51
52	5×	_switchAsset(0);
53
54	8×	_addActor(alice);
55	8×	_addActor(bob);
56	8×	_addActor(LIQUIDATOR);
57
58	6×	_switchActor(0);
59		}
60
61		/// === HELPERS === ///
62		/// Get the max amount for a given reserve based on its underlying token decimals (avoids Low likelihood scenarios in Audit Contest)
63	7×	function _max(uint256 reserveId) internal view returns (uint256) {
64	61×	ISpoke.Reserve memory reserve = iSpoke.getReserve(reserveId);
65	4×	address underlying = reserve.underlying;
66	12×	uint256 maxAmount = _maxByUnderlying[underlying];
67	4×	require(maxAmount > 0, "Max not set for underlying");
68	1×	return maxAmount;
69		}
70		}

1		// SPDX-License-Identifier: GPL-2.0
2		pragma solidity ^0.8.0;
3
4		import {BaseTargetFunctions} from "@chimera/BaseTargetFunctions.sol";
5		import {BeforeAfter} from "../BeforeAfter.sol";
6		import {Properties} from "../Properties.sol";
7		// Chimera deps
8		import {vm} from "@chimera/Hevm.sol";
9
10		// Helpers
11		import {Panic} from "@recon/Panic.sol";
12
13		import "src/spoke/interfaces/IAaveOracle.sol";
14		import "src/dependencies/chainlink/AggregatorV3Interface.sol";
15		import "src/spoke/AaveOracle.sol";
16		import "tests/mocks/MockPriceFeed.sol";
17
18		abstract contract IAaveOracleTargets is
19		BaseTargetFunctions,
20		Properties
21		{
22		/// Price can change by up to 100x or 1/100x (avoids Low likelihood scenarios in Audit Contest)
23	2×	uint256 private constant MAX_PRICE_CHANGE_FACTOR = 100;
24		mapping(uint256 reserveId => uint256 originalPrice) private _originalPrices;
25		/// CUSTOM TARGET FUNCTIONS - Add your own target functions here ///
26
27
28		/// AUTO GENERATED TARGET FUNCTIONS - WARNING: DO NOT DELETE OR MODIFY THIS LINE ///
29
30		function iAaveOracle_setReserveSource(uint256 reserveId, address source) private asActor {
31		iAaveOracle.setReserveSource(reserveId, source);
32		}
33
34	11×	function iAaveOracle_setPrice(uint256 reserveId, uint256 price) public asAdmin {
35	68×	uint256 reserveCount = iSpoke.getReserveCount();
36	6×	require(reserveCount > 0);
37
38	11×	reserveId = between(reserveId, 0, reserveCount - 1);
39
40	8×	uint256 basePrice = _getOriginalPrice(reserveId);
41
42	13×	price = between(price, basePrice / MAX_PRICE_CHANGE_FACTOR, basePrice * MAX_PRICE_CHANGE_FACTOR);
43	70×	AaveOracle oracle = AaveOracle(iSpoke.ORACLE());
44	5×	address mockPriceFeed = address(
45	148×	new MockPriceFeed(oracle.DECIMALS(), oracle.DESCRIPTION(), price)
46		);
47	45×	iSpoke.updateReservePriceSource(reserveId, mockPriceFeed);
48	8×	_after.operation = Operation.SetPrice;
49		}
50
51	10×	function _getOriginalPrice(uint256 reserveId) private returns (uint256 originalPrice) {
52	11×	originalPrice = _originalPrices[reserveId];
53	7×	if (originalPrice == 0) {
54	117×	(, int256 answer,,,) = AggregatorV3Interface(iAaveOracle.getReserveSource(reserveId)).latestRoundData();
55		originalPrice = uint256(answer);
56	13×	_originalPrices[reserveId] = originalPrice;
57		}
58		}
59		}