// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

/*
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with GSN meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address payable) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes memory) {
        this; // silence state mutability warning without generating bytecode - see https://github.com/ethereum/solidity/issues/2691
        return msg.data;
    }
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

/**
 * @dev Interface of the ERC20 standard as defined in the EIP.
 */
interface IERC20 {
    /**
     * @dev Returns the amount of tokens in existence.
     */
    function totalSupply() external view returns (uint256);

    /**
     * @dev Returns the amount of tokens owned by `account`.
     */
    function balanceOf(address account) external view returns (uint256);

    /**
     * @dev Moves `amount` tokens from the caller's account to `recipient`.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transfer(address recipient, uint256 amount) external returns (bool);

    /**
     * @dev Returns the remaining number of tokens that `spender` will be
     * allowed to spend on behalf of `owner` through {transferFrom}. This is
     * zero by default.
     *
     * This value changes when {approve} or {transferFrom} are called.
     */
    function allowance(address owner, address spender) external view returns (uint256);

    /**
     * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * IMPORTANT: Beware that changing an allowance with this method brings the risk
     * that someone may use both the old and the new allowance by unfortunate
     * transaction ordering. One possible solution to mitigate this race
     * condition is to first reduce the spender's allowance to 0 and set the
     * desired value afterwards:
     * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
     *
     * Emits an {Approval} event.
     */
    function approve(address spender, uint256 amount) external returns (bool);

    /**
     * @dev Moves `amount` tokens from `sender` to `recipient` using the
     * allowance mechanism. `amount` is then deducted from the caller's
     * allowance.
     *
     * Returns a boolean value indicating whether the operation succeeded.
     *
     * Emits a {Transfer} event.
     */
    function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);

    /**
     * @dev Emitted when `value` tokens are moved from one account (`from`) to
     * another (`to`).
     *
     * Note that `value` may be zero.
     */
    event Transfer(address indexed from, address indexed to, uint256 value);

    /**
     * @dev Emitted when the allowance of a `spender` for an `owner` is set by
     * a call to {approve}. `value` is the new allowance.
     */
    event Approval(address indexed owner, address indexed spender, uint256 value);
}

pragma solidity 0.7.6;

import '@openzeppelin/contracts/cryptography/MerkleProof.sol';
import '@openzeppelin/contracts/token/ERC20/IERC20.sol';
import '@openzeppelin/contracts/access/Ownable.sol';
import '@openzeppelin/contracts/utils/Pausable.sol';


/// @dev Contract for stakehouse testnet game reward distribution
contract MerkleDrop is Ownable, Pausable {
    /// @dev Merkle root for reward distribution tree
    bytes32 public ROOT;
    /// @dev Token address paid out as reward (cBSN)
    address public TOKEN_ADDRESS;

    /// @dev Tracks user claims to prevent double-claiming
    mapping(uint => mapping(address => bool)) public claims;

    uint public VERSION = 1;

    /// @dev Event indicating reward has been claimed
    event RewardClaim(
        address user,
        uint amount,
        uint version
    );

    /// @dev event to signal the new merkle version
    event MerkleUpdate(
        bytes32 newRoot,
        uint newVersion
    );

    constructor (address _tokenAddress, bytes32 _root) {
        require(_tokenAddress != address(0));
        require(_root != bytes32(0));

        ROOT = _root;
        TOKEN_ADDRESS = _tokenAddress;

        emit MerkleUpdate(_root, VERSION);
    }


    /// @dev redeem reward tokens by proving the user is part of the merkle tree
    /// @param _proof - Branch of the merkle tree to complete the proof on
    /// @param _amount - The amount to be claimed
    function redeem(bytes32[] calldata _proof, uint256 _amount) external whenNotPaused {
        address claimer = msg.sender;
        //Computing the hash of leaf
        bytes32 leaf = _leaf(_amount, claimer);

        require(!hasClaimed(claimer), 'User already claimed tokens');
        require(MerkleProof.verify(_proof, ROOT, leaf), 'User is not a part of airdrop list');

        //Set double spending prevention and transfer the tokens
        claims[VERSION][claimer] = true;
        IERC20(TOKEN_ADDRESS).transfer(claimer, _amount);

        emit RewardClaim(claimer, _amount, VERSION);
    }

    /// @dev Check if the user already claimed tokens
    /// @param _user - address of the claimer
    function hasClaimed(address _user) public view returns (bool claimed) {
        claimed = claims[VERSION][_user];
    }


    /// @dev get proof verification for testing
    /// @param _amount - amount to be claimed
    /// @param _claimer - address that will claim the amount
    /// @param _proof - proof that the data belongs to the merkletree
    function getProofVerification(uint256 _amount, address _claimer, bytes32[] memory _proof) public view returns (bool) {
        bytes32 leaf = _leaf(_amount, _claimer);
        return MerkleProof.verify(_proof, ROOT, leaf);
    }

    /// @dev Recover tokens in case of some emergency
    function recoverTokens() external onlyOwner {
      uint balance = IERC20(TOKEN_ADDRESS).balanceOf(address(this));
      IERC20(TOKEN_ADDRESS).transfer(owner(), balance);
    }

    /// @dev pause the smart contract
    function pause() external onlyOwner {
        _pause();
    }

    /// @dev unpause the smart contract
    function unpause() external onlyOwner {
        _unpause();
    }

    /// @dev change the root if needed
    /// @param _root - new root of the merkle tree for token distribution
    function changeRoot(bytes32 _root) external onlyOwner whenPaused {
        require(_root != bytes32(0), 'Setting root hash to 0 not allowed');
        VERSION += 1;
        ROOT = _root;

        emit MerkleUpdate(_root, VERSION);
    }

    /// @dev change the token address if needed
    /// @param _token - new ERC20 token address
    function changeTokenAddress(address _token) external onlyOwner {
        require(_token != address(0), 'Setting address to 0 not allowed');
        TOKEN_ADDRESS = _token;
    }

    /// @dev Compute the leaf hash entry to the merkle tree
    /// @param _amount - Amount to be claimed
    /// @param _claimer - user claiming the reward
    function _leaf(uint256 _amount, address _claimer) internal pure returns (bytes32)
    {
        return keccak256(abi.encodePacked(_amount, _claimer));
    }
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

/**
 * @dev These functions deal with verification of Merkle trees (hash trees),
 */
library MerkleProof {
    /**
     * @dev Returns true if a `leaf` can be proved to be a part of a Merkle tree
     * defined by `root`. For this, a `proof` must be provided, containing
     * sibling hashes on the branch from the leaf to the root of the tree. Each
     * pair of leaves and each pair of pre-images are assumed to be sorted.
     */
    function verify(bytes32[] memory proof, bytes32 root, bytes32 leaf) internal pure returns (bool) {
        bytes32 computedHash = leaf;

        for (uint256 i = 0; i < proof.length; i++) {
            bytes32 proofElement = proof[i];

            if (computedHash <= proofElement) {
                // Hash(current computed hash + current element of the proof)
                computedHash = keccak256(abi.encodePacked(computedHash, proofElement));
            } else {
                // Hash(current element of the proof + current computed hash)
                computedHash = keccak256(abi.encodePacked(proofElement, computedHash));
            }
        }

        // Check if the computed hash (root) is equal to the provided root
        return computedHash == root;
    }
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

import "../utils/Context.sol";
/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * By default, the owner account will be the one that deploys the contract. This
 * can later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    address private _owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Initializes the contract setting the deployer as the initial owner.
     */
    constructor () internal {
        address msgSender = _msgSender();
        _owner = msgSender;
        emit OwnershipTransferred(address(0), msgSender);
    }

    /**
     * @dev Returns the address of the current owner.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Throws if called by any account other than the owner.
     */
    modifier onlyOwner() {
        require(owner() == _msgSender(), "Ownable: caller is not the owner");
        _;
    }

    /**
     * @dev Leaves the contract without owner. It will not be possible to call
     * `onlyOwner` functions anymore. Can only be called by the current owner.
     *
     * NOTE: Renouncing ownership will leave the contract without an owner,
     * thereby removing any functionality that is only available to the owner.
     */
    function renounceOwnership() public virtual onlyOwner {
        emit OwnershipTransferred(_owner, address(0));
        _owner = address(0);
    }

    /**
     * @dev Transfers ownership of the contract to a new account (`newOwner`).
     * Can only be called by the current owner.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        require(newOwner != address(0), "Ownable: new owner is the zero address");
        emit OwnershipTransferred(_owner, newOwner);
        _owner = newOwner;
    }
}

// SPDX-License-Identifier: MIT

pragma solidity >=0.6.0 <0.8.0;

import "./Context.sol";

/**
 * @dev Contract module which allows children to implement an emergency stop
 * mechanism that can be triggered by an authorized account.
 *
 * This module is used through inheritance. It will make available the
 * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
 * the functions of your contract. Note that they will not be pausable by
 * simply including this module, only once the modifiers are put in place.
 */
abstract contract Pausable is Context {
    /**
     * @dev Emitted when the pause is triggered by `account`.
     */
    event Paused(address account);

    /**
     * @dev Emitted when the pause is lifted by `account`.
     */
    event Unpaused(address account);

    bool private _paused;

    /**
     * @dev Initializes the contract in unpaused state.
     */
    constructor () internal {
        _paused = false;
    }

    /**
     * @dev Returns true if the contract is paused, and false otherwise.
     */
    function paused() public view virtual returns (bool) {
        return _paused;
    }

    /**
     * @dev Modifier to make a function callable only when the contract is not paused.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    modifier whenNotPaused() {
        require(!paused(), "Pausable: paused");
        _;
    }

    /**
     * @dev Modifier to make a function callable only when the contract is paused.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    modifier whenPaused() {
        require(paused(), "Pausable: not paused");
        _;
    }

    /**
     * @dev Triggers stopped state.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    function _pause() internal virtual whenNotPaused {
        _paused = true;
        emit Paused(_msgSender());
    }

    /**
     * @dev Returns to normal state.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    function _unpause() internal virtual whenPaused {
        _paused = false;
        emit Unpaused(_msgSender());
    }
}

{
  "compilationTarget": {
    "contracts/merkledrop/MerkleDrop.sol": "MerkleDrop"
  },
  "evmVersion": "istanbul",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "ipfs"
  },
  "optimizer": {
    "enabled": false,
    "runs": 200
  },
  "remappings": []
}