Infinity-NFT

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
  /**
   * @dev Returns true if `account` is a contract.
   *
   * [IMPORTANT]
   * ====
   * It is unsafe to assume that an address for which this function returns
   * false is an externally-owned account (EOA) and not a contract.
   *
   * Among others, `isContract` will return false for the following
   * types of addresses:
   *
   *  - an externally-owned account
   *  - a contract in construction
   *  - an address where a contract will be created
   *  - an address where a contract lived, but was destroyed
   * ====
   *
   * [IMPORTANT]
   * ====
   * You shouldn't rely on `isContract` to protect against flash loan attacks!
   *
   * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
   * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
   * constructor.
   * ====
   */
  function isContract(address account) internal view returns (bool) {
    // This method relies on extcodesize/address.code.length, which returns 0
    // for contracts in construction, since the code is only stored at the end
    // of the constructor execution.

    return account.code.length > 0;
  }

  /**
   * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
   * `recipient`, forwarding all available gas and reverting on errors.
   *
   * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
   * of certain opcodes, possibly making contracts go over the 2300 gas limit
   * imposed by `transfer`, making them unable to receive funds via
   * `transfer`. {sendValue} removes this limitation.
   *
   * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
   *
   * IMPORTANT: because control is transferred to `recipient`, care must be
   * taken to not create reentrancy vulnerabilities. Consider using
   * {ReentrancyGuard} or the
   * https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
   */
  function sendValue(address payable recipient, uint256 amount) internal {
    require(address(this).balance >= amount, 'Address: insufficient balance');

    (bool success, ) = recipient.call{value: amount}('');
    require(success, 'Address: unable to send value, recipient may have reverted');
  }

  /**
   * @dev Performs a Solidity function call using a low level `call`. A
   * plain `call` is an unsafe replacement for a function call: use this
   * function instead.
   *
   * If `target` reverts with a revert reason, it is bubbled up by this
   * function (like regular Solidity function calls).
   *
   * Returns the raw returned data. To convert to the expected return value,
   * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
   *
   * Requirements:
   *
   * - `target` must be a contract.
   * - calling `target` with `data` must not revert.
   *
   * _Available since v3.1._
   */
  function functionCall(address target, bytes memory data) internal returns (bytes memory) {
    return functionCallWithValue(target, data, 0, 'Address: low-level call failed');
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
   * `errorMessage` as a fallback revert reason when `target` reverts.
   *
   * _Available since v3.1._
   */
  function functionCall(
    address target,
    bytes memory data,
    string memory errorMessage
  ) internal returns (bytes memory) {
    return functionCallWithValue(target, data, 0, errorMessage);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but also transferring `value` wei to `target`.
   *
   * Requirements:
   *
   * - the calling contract must have an ETH balance of at least `value`.
   * - the called Solidity function must be `payable`.
   *
   * _Available since v3.1._
   */
  function functionCallWithValue(
    address target,
    bytes memory data,
    uint256 value
  ) internal returns (bytes memory) {
    return functionCallWithValue(target, data, value, 'Address: low-level call with value failed');
  }

  /**
   * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
   * with `errorMessage` as a fallback revert reason when `target` reverts.
   *
   * _Available since v3.1._
   */
  function functionCallWithValue(
    address target,
    bytes memory data,
    uint256 value,
    string memory errorMessage
  ) internal returns (bytes memory) {
    require(address(this).balance >= value, 'Address: insufficient balance for call');
    (bool success, bytes memory returndata) = target.call{value: value}(data);
    return verifyCallResultFromTarget(target, success, returndata, errorMessage);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a static call.
   *
   * _Available since v3.3._
   */
  function functionStaticCall(
    address target,
    bytes memory data
  ) internal view returns (bytes memory) {
    return functionStaticCall(target, data, 'Address: low-level static call failed');
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
   * but performing a static call.
   *
   * _Available since v3.3._
   */
  function functionStaticCall(
    address target,
    bytes memory data,
    string memory errorMessage
  ) internal view returns (bytes memory) {
    (bool success, bytes memory returndata) = target.staticcall(data);
    return verifyCallResultFromTarget(target, success, returndata, errorMessage);
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
   * but performing a delegate call.
   *
   * _Available since v3.4._
   */
  function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
    return functionDelegateCall(target, data, 'Address: low-level delegate call failed');
  }

  /**
   * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
   * but performing a delegate call.
   *
   * _Available since v3.4._
   */
  function functionDelegateCall(
    address target,
    bytes memory data,
    string memory errorMessage
  ) internal returns (bytes memory) {
    (bool success, bytes memory returndata) = target.delegatecall(data);
    return verifyCallResultFromTarget(target, success, returndata, errorMessage);
  }

  /**
   * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
   * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
   *
   * _Available since v4.8._
   */
  function verifyCallResultFromTarget(
    address target,
    bool success,
    bytes memory returndata,
    string memory errorMessage
  ) internal view returns (bytes memory) {
    if (success) {
      if (returndata.length == 0) {
        // only check isContract if the call was successful and the return data is empty
        // otherwise we already know that it was a contract
        require(isContract(target), 'Address: call to non-contract');
      }
      return returndata;
    } else {
      _revert(returndata, errorMessage);
    }
  }

  /**
   * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
   * revert reason or using the provided one.
   *
   * _Available since v4.3._
   */
  function verifyCallResult(
    bool success,
    bytes memory returndata,
    string memory errorMessage
  ) internal pure returns (bytes memory) {
    if (success) {
      return returndata;
    } else {
      _revert(returndata, errorMessage);
    }
  }

  function _revert(bytes memory returndata, string memory errorMessage) private pure {
    // Look for revert reason and bubble it up if present
    if (returndata.length > 0) {
      // The easiest way to bubble the revert reason is using memory via assembly
      /// @solidity memory-safe-assembly
      assembly {
        let returndata_size := mload(returndata)
        revert(add(32, returndata), returndata_size)
      }
    } else {
      revert(errorMessage);
    }
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
  function _msgSender() internal view virtual returns (address) {
    return msg.sender;
  }

  function _msgData() internal view virtual returns (bytes calldata) {
    return msg.data;
  }
}

// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.8.19;

import "DexfaiPool.sol";
import "ERC721Enumerable.sol";

import "IDexfaiINFT.sol";
import "IERC20.sol";
import "IDexfaiFactory.sol";
import "IWETH.sol";

/**
 * @title Xfai's Infinity NFT contract
 * @author Xfai
 * @notice DexfaiINFT is responsible for minting, boosting, and harvesting INFTs
 */
contract DexfaiINFT is IDexfaiINFT, ERC721Enumerable {
  /**
   * @notice The WETH address.
   * @dev In the case of a chain ID other than Ethereum, the wrapped ERC20 token address of the chain's native coin
   */
  address private WETH;

  /**
   * @notice The ERC20 token used as the underlying token for the INFT
   */
  address private underlyingToken;

  /**
   * @notice The Factory address of the DEX
   */
  address private dexfaiFactory;

  string private baseURI;

  uint private counter;

  /**
   * @notice The reserve of underlyingToken within the INFT contract
   */
  uint public override reserve;

  /**
   * @notice Total amount of issued shares
   */
  uint public override totalSharesIssued;

  /**
   * @notice Initial reserve set at during deployment. Does count as part of INFT reserve
   */
  uint public override initialReserve;

  uint private constant NOT_ENTERED = 1;
  uint private constant ENTERED = 2;
  uint private status;
  uint private expectedMints;

  /**
   * @notice Mapping from token address to harvested amounts. harvestedBalance shows how much of a token has been harvested so far from the contract.
   */
  mapping(address => uint) public override harvestedBalance;

  /**
   * @notice Mapping from token ID to share
   */
  mapping(uint => uint) public override INFTShares;

  /**
   * @notice Mapping from token address to token ID to token share
   */
  mapping(address => mapping(uint => uint)) public override sharesHarvestedByPool;

  /**
   * @notice Mapping from token address to total share for a token
   */
  mapping(address => uint) public override totalSharesHarvestedByPool;

  /**
   * @notice Functions with the onlyOwner modifier can be called only by the factory owner
   */
  modifier onlyOwner() {
    require(msg.sender == IDexfaiFactory(dexfaiFactory).getOwner(), 'DexfaiINFT: NOT_OWNER');
    _;
  }

  /**
   * @notice Functions with the lock modifier can be called only once within a transaction
   */
  modifier lock() {
    require(status != ENTERED, 'DexfaiINFT: REENTRANT_CALL');
    status = ENTERED;
    _;
    status = NOT_ENTERED;
  }

  /**
   * @notice Construct Xfai's DEX Factory
   * @param _dexfaiFactory The address of the DexfaiFactory contract
   * @param _underlyingToken The address of the ERC20 token used as the underlying token for the INFT
   * @param _initialReserve The initial reserve used during deployment
   * @param _expectedMints The number of pre-mints before minting is available
   */
  constructor(
    address _dexfaiFactory,
    address _WETH,
    address _underlyingToken,
    uint _initialReserve,
    uint _expectedMints
  ) ERC721('Infinity-NFT', 'INFT') {
    status = NOT_ENTERED;
    dexfaiFactory = _dexfaiFactory;
    WETH = _WETH;
    underlyingToken = _underlyingToken;
    initialReserve = _initialReserve;
    expectedMints = _expectedMints;
    totalSharesIssued = 1; // permanently lock one share to prevent zero divisions
  }

  receive() external payable {
    assert(msg.sender == WETH); // only accept ETH via fallback from the WETH contract
  }

  /**
   * @notice preMint is used to mint the legacy NFTs before minting is enabled
   * @dev Can only be called by the owner
   * @param _legacyLNFTHolders the address array of the legacy nft holders
   * @param _initialShares the share array of the legacy nft holders
   */
  function premint(
    address[] memory _legacyLNFTHolders,
    uint[] memory _initialShares
  ) external override onlyOwner {
    require(counter < expectedMints, 'DexfaiINFT: PREMINTS_ENDED');
    require(_initialShares.length == _legacyLNFTHolders.length, 'DexfaiINFT: INVALID_VALUES');
    for (uint i = 0; i < _initialShares.length; i++) {
      counter += 1;
      _safeMint(_legacyLNFTHolders[i], counter);
      INFTShares[counter] = _initialShares[i];
      totalSharesIssued += _initialShares[i];
    }
  }

  /**
   * @notice Function used to set the baseURI of the NFT
   * @dev setBaseURI can be called only by the contract owner
   * @param _newBaseURI the new baseURI string for the NFT
   */
  function setBaseURI(string memory _newBaseURI) external override onlyOwner {
    baseURI = _newBaseURI;
  }

  function _baseURI() internal view override returns (string memory) {
    return baseURI;
  }

  /**
   * @notice Function used to fetch contract states
   * @return The reserve used during contract initialization, the reserve of the underlying token, and the total number of shares issued
   */
  function getStates() external view override returns (uint, uint, uint) {
    return (initialReserve, reserve, totalSharesIssued);
  }

  /**
   * @notice Computes the amount of _token fees collected for a given _tokenID
   * @param _tokenID The token ID of an INFT
   * @param _token the address of an ERC20 token
   * @return share2amount The total amount of _token that a given _tokenID can harvest
   * @return inftShare The share of an INFT
   * @return harvestedShares The amount of shares harvested for a given pool
   */
  function shareToTokenAmount(
    uint _tokenID,
    address _token
  ) external view override returns (uint share2amount, uint inftShare, uint harvestedShares) {
    inftShare = INFTShares[_tokenID];
    harvestedShares = sharesHarvestedByPool[_token][_tokenID];
    uint tokenBalance = IERC20(_token).balanceOf(address(this));
    uint share = inftShare - harvestedShares;
    uint totalShare = totalSharesIssued - totalSharesHarvestedByPool[_token];
    share2amount = (tokenBalance * share) / totalShare; // zero divisions not possible
  }

  /**
   * @notice Creates a new INFT, the share of which is determined by the amount of the underlying token sent to the DexfaiFactory
   * @dev This low-level function should be called from a contract which performs important safety checks
   * @param _to The address to which the newly minted INFT should be sent to
   * @return tokenID The id of the newly minted INFT
   * @return share The share value of the INFT
   */
  function mint(address _to) external override lock returns (uint tokenID, uint share) {
    require(counter >= expectedMints, 'DexfaiINFT: PREMINTS_ONGOING');
    uint amount = IERC20(underlyingToken).balanceOf(dexfaiFactory) - reserve;
    require(amount != 0, 'DexfaiINFT: INSUFICIENT_AMOUNT');
    counter += 1;
    tokenID = counter;
    reserve += amount;
    share = (1e18 * amount) / (reserve + initialReserve);
    INFTShares[tokenID] = share;
    totalSharesIssued += share;
    _safeMint(_to, tokenID);
    emit Mint(msg.sender, _to, share, tokenID);
  }

  /**
   * @notice Boosts the share value of an INFT, the share of which is determined by the amount of the underlying token sent to the DexfaiFactory
   * @dev This low-level function should be called from a contract which performs important safety checks
   * @param _tokenID The token ID of an INFT
   * @return share The share value added to an INFT
   */
  function boost(uint _tokenID) external override lock returns (uint share) {
    require(_tokenID <= counter, 'DexfaiINFT: Inexistent_ID');
    uint amount = IERC20(underlyingToken).balanceOf(dexfaiFactory) - reserve;
    require(amount != 0, 'DexfaiINFT: INSUFICIENT_AMOUNT');
    reserve += amount;
    share = (1e18 * amount) / (reserve + initialReserve);
    INFTShares[_tokenID] += share;
    totalSharesIssued += share;
    emit Boost(msg.sender, share, _tokenID);
  }

  /**
   * @notice Harvests the fees (in terms of a given ERC20 token) for a given INFT.
   * @param _token An ERC20 token address
   * @param _tokenID The token ID of an INFT
   * @param _amount The amount of _token to harvest
   */
  function _harvest(
    address _token,
    uint _tokenID,
    uint _amount
  ) private returns (uint harvestedTokenShare) {
    require(ownerOf(_tokenID) == msg.sender, 'DexfaiINFT: NOT_INFT_OWNER');
    uint tokenBalance = IERC20(_token).balanceOf(address(this));
    uint share = INFTShares[_tokenID] - sharesHarvestedByPool[_token][_tokenID];
    uint totalShare = totalSharesIssued - totalSharesHarvestedByPool[_token];
    uint share2amount = (tokenBalance * share) / totalShare; // zero divisions not possible
    require(_amount <= share2amount, 'DexfaiINFT: AMOUNT_EXCEEDS_SHARE');
    harvestedTokenShare = (share * _amount) / share2amount;
    sharesHarvestedByPool[_token][_tokenID] += harvestedTokenShare;
    totalSharesHarvestedByPool[_token] += harvestedTokenShare;
    harvestedBalance[_token] += _amount;
  }

  /**
   * @notice Harvests INFT fees from the INFT contract
   * @param _token The address of an ERC20 token
   * @param _tokenID The ID of the INFT
   * @param _amount The amount to harvest
   */
  function harvestToken(
    address _token,
    uint _tokenID,
    uint _amount
  ) external override lock returns (uint) {
    uint harvestedTokenShare = _harvest(_token, _tokenID, _amount);
    _safeTransfer(_token, ownerOf(_tokenID), _amount);
    emit HarvestToken(_token, _amount, harvestedTokenShare, _tokenID);
    return _amount;
  }

  /**
   * @notice Harvests INFT fees from the INFT contract
   * @param _tokenID The ID of the INFT
   * @param _amount The amount to harvest
   */
  function harvestETH(uint _tokenID, uint _amount) external override lock returns (uint) {
    uint harvestedTokenShare = _harvest(WETH, _tokenID, _amount);
    IWETH(WETH).withdraw(_amount);
    _safeTransferETH(ownerOf(_tokenID), _amount);
    emit HarvestETH(_amount, harvestedTokenShare, _tokenID);
    return _amount;
  }

  function _safeTransfer(address _token, address _to, uint256 _value) internal {
    require(_token.code.length > 0, 'DexfaiINFT: TRANSFER_FAILED');
    (bool success, bytes memory data) = _token.call(
      abi.encodeWithSelector(IERC20.transfer.selector, _to, _value)
    );
    require(
      success && (data.length == 0 || abi.decode(data, (bool))),
      'DexfaiINFT: TRANSFER_FAILED'
    );
  }

  function _safeTransferETH(address _to, uint _value) internal {
    (bool success, ) = _to.call{value: _value}(new bytes(0));
    require(success, 'DexfaiINFT: ETH_TRANSFER_FAILED');
  }
}

// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.8.19;

import "IDexfaiPool.sol";
import "IERC20.sol";
import "IDexfaiFactory.sol";

/**
 * @title Xfai's Dexfai Pools
 * @author Xfai
 * @notice DexfaiPool are contracts that get generated by the DexfaiFactory. Every hosted token has one unique pool that holds the state (i.e. pool reserve, balance, weights) for the given token.
 */
contract DexfaiPool is IDexfaiPool {
  /**
   * @notice The ERC20 token name for the LP token
   */
  string public override name;

  /**
   * @notice The ERC20 token symbol for the LP token
   */
  string public override symbol;

  /**
   * @notice The ERC20 token decimals for the LP token
   */
  uint8 public constant override decimals = 18;

  /**
   * @notice Structure to capture time period obervations every 15 minutes, used for local oracles
   */
  struct Observation {
    uint rCumulative;
    uint wCumulative;
    uint timestamp;
  }

  /**
   * @notice The amount of time within a period.
   * @dev Used to capture oracle reading every 15 minutes
   */
  uint private constant PERIOD_SIZE = 900;

  /**
   * @notice The total size of the ring buffer
   * @dev Stores every PERIOD_SIZE a new record. The buffer can store up to 1 week of data
   */
  uint private constant RING_SIZE = 672;

  /**
   * @notice The ring buffer counter
   * @dev Used to determine the latest index within the ring buffer
   */
  uint public ringBufferNonce = 0;

  /**
   * @notice The ring buffer array
   */
  Observation[RING_SIZE] public override observations;

  /**
   * @notice The pool reserve
   */
  uint private r;

  /**
   * @notice Pool weight
   * @dev w is used to compute the exchange value of a token
   */
  uint private w;

  /**
   * @notice The last block timestamp
   */
  uint private blockTimestampLast;

  /**
   * @notice The cumulative reserve value
   * @dev used to compute TWAPs
   */
  uint private rCumulativeLast;

  /**
   * @notice The cumulative w value
   * @dev used to compute TWAPs
   */
  uint private wCumulativeLast;

  /**
   * @notice The total supply of LP tokens
   */
  uint public override totalSupply = 0;

  uint private seeded = 1;
  IDexfaiFactory private dexfaiFactory;

  /**
   * @notice The ERC20 token address for which the pool was created. Not the same with the LP token address
   */
  address public override poolToken;

  /**
   * @notice the domain seperator. Used for permits
   */
  bytes32 public override DOMAIN_SEPARATOR;

  /**
   * @notice the permit typehash. Used for permits
   * @dev keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
   */
  bytes32 public constant override PERMIT_TYPEHASH =
    0x6e71edae12b1b97f4d1f60370fef10105fa2faae0126114a169c64845d6126c9;

  /**
   * @notice mapping used to determine the nonce of an address. Used for permits
   */
  mapping(address => uint) public override nonces;

  /**
   * @notice mapping used to determine the allowance of an address for another address
   */
  mapping(address => mapping(address => uint)) public override allowance;

  /**
   * @notice mapping used to determine the LP token balance of an address
   */
  mapping(address => uint) public override balanceOf;

  modifier linked() {
    address core = getDexfaiCore();
    require(msg.sender == core, 'DexfaiPool: NOT_CORE');
    _;
  }

  /**
   * @notice Construct the DexfaiPool
   * @dev The parameters of the pool are omitted in the construct and are instead specified via the initialize function
   */
  constructor() {
    write(0, 0, block.timestamp);

    DOMAIN_SEPARATOR = keccak256(
      abi.encode(
        keccak256(
          'EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)'
        ),
        keccak256(bytes(name)),
        keccak256('1'),
        block.chainid,
        address(this)
      )
    );
  }

  // **** Oracle Functions ****

  /**
   * @notice Computes the latest index within the ring buffer
   * @dev The returned index will point at the latest 'empty' position within the ring buffer, i.e. the index for which the time period has not yet been reached
   * @return index The current index within the price oracle ring bufffer
   */
  function getCurrentIndex() public view override returns (uint16 index) {
    index = uint16(ringBufferNonce % RING_SIZE);
  }

  function write(uint _r, uint _w, uint _blockTimestamp) private returns (uint16 index) {
    index = getCurrentIndex();
    observations[index] = Observation(_r, _w, _blockTimestamp);
    ringBufferNonce += 1;
    emit Write(_r, _w, _blockTimestamp);
  }

  /**
   * @notice Fetches the N-th latest stored observation from the ring buffer
   * @dev E.g. If _n = 1, getNthObservation returns the lastest observation. If _n = 2, getNthObservation returns the previous (2nd lastest) observation
   * @param _n The N-th observation that one wants to fetch
   * @return rCumulative The rCumulative of the N-th observation
   * @return wCumulative The wCumulative of the N-th observation
   * @return timestamp The timestamp of the N-th observation
   */
  function getNthObservation(
    uint _n
  ) public view override returns (uint rCumulative, uint wCumulative, uint timestamp) {
    require(ringBufferNonce >= _n, 'DexfaiPool: INEXISTENT_HISTORY');
    require(_n < RING_SIZE, 'DexfaiPool: OVERRIDDEN_HISTORY');
    uint16 index = uint16((ringBufferNonce - _n) % RING_SIZE);
    Observation memory point = observations[index];
    rCumulative = point.rCumulative;
    wCumulative = point.wCumulative;
    timestamp = point.timestamp;
  }

  /**
   * @notice Fetches the latest cummulativeLast values of the pool
   * @return rCumulativeLast The cummulative r of the pool
   * @return wCumulativeLast The cummulative w of the pool
   * @return blockTimestampLast The cummulative timestamp of the pool
   */
  function getCumulativeLast() public view override returns (uint, uint, uint) {
    return (rCumulativeLast, wCumulativeLast, blockTimestampLast);
  }

  // **** Pool Functions ****

  /**
   * @notice Called once by the factory at time of deployment
   * @param _token The ERC20 token address of the pool
   * @param _dexfaiFactory The Dexfai Factory of the pool
   */
  function initialize(address _token, address _dexfaiFactory) external override {
    require(seeded == 1, 'DexfaiPool: DEX_SEEDED');
    poolToken = _token;
    dexfaiFactory = IDexfaiFactory(_dexfaiFactory);
    name = string(abi.encodePacked(IERC20(_token).name(), '-Xfai'));
    symbol = string(abi.encodePacked(IERC20(_token).symbol(), '-Xfai'));
    seeded = 2;
  }

  /**
   * @notice Get the current Dexfai Core that is allowed to modify the pool state
   */
  function getDexfaiCore() public view override returns (address) {
    return dexfaiFactory.getDexfaiCore();
  }

  /**
   * @notice Get the current reserve, weight, and last block timestamp of the pool
   */
  function getStates() external view override returns (uint, uint, uint) {
    return (r, w, blockTimestampLast);
  }

  /**
   * @notice Updates the reserve and weight. On the first call per block updates cumulative states.
   * @dev This function is linked. Only the latest Dexfai core can call it
   * @param _balance The latest balance of the pool
   * @param _r The latest reserve of the pool
   * @param _w The latest w weight of the pool
   */
  function update(uint _balance, uint _r, uint _w) external override linked {
    uint blockTimestamp = block.timestamp;
    uint timeElapsed = blockTimestamp - blockTimestampLast;
    if (timeElapsed > 0 && _r != 0) {
      unchecked {
        rCumulativeLast += _r * timeElapsed;
        wCumulativeLast += _w * timeElapsed;
      }
    }
    (, , uint timestamp) = getNthObservation(1);
    timeElapsed = blockTimestamp - timestamp; // compare the last observation with current timestamp, if greater than 15 minutes, record a new event
    if (timeElapsed > PERIOD_SIZE && _r != 0) {
      write(rCumulativeLast, wCumulativeLast, blockTimestamp);
    }
    r = _balance;
    w = _w;
    blockTimestampLast = blockTimestamp;
    emit Sync(_balance, _w);
  }

  /**
   * @notice transfer the pool's ERC20 token (not LP token)
   * @dev This function is linked. Only the latest Dexfai core can call it
   * @param _token The pool's ERC20 token address
   * @param _to The recipient of the tokens
   * @param _value The amount of tokens
   */
  function safeTransfer(address _token, address _to, uint256 _value) external override linked {
    require(_token.code.length > 0, 'DexfaiPool: TRANSFER_FAILED');
    (bool success, bytes memory data) = _token.call(
      abi.encodeWithSelector(IERC20.transfer.selector, _to, _value)
    );
    require(
      success && (data.length == 0 || abi.decode(data, (bool))),
      'DexfaiPool: TRANSFER_FAILED'
    );
  }

  // **** ERC20 Functions ****

  /**
   * @notice This function mints new ERC20 LP tokens
   * @dev This function is linked. Only the latest Dexfai core can call it
   * @param _to The recipient of the tokens
   * @param _amount The amount of tokens
   */
  function mint(address _to, uint _amount) public override linked {
    _mint(_to, _amount);
  }

  /**
   * @notice This function burns existing ERC20 LP tokens
   * @dev This function is linked. Only the latest Dexfai core can call it
   * @param _to The recipient whose tokens get burned
   * @param _amount The amount of tokens burned
   */
  function burn(address _to, uint _amount) public override linked {
    _burn(_to, _amount);
  }

  function _mint(address _dst, uint _amount) internal {
    totalSupply += _amount;
    balanceOf[_dst] += _amount;
    emit Transfer(address(0), _dst, _amount);
  }

  function _burn(address _dst, uint _amount) internal {
    totalSupply -= _amount;
    balanceOf[_dst] -= _amount;
    emit Transfer(_dst, address(0), _amount);
  }

  /**
   * @notice The ERC20 standard approve function
   */
  function approve(address _spender, uint _amount) external override returns (bool) {
    allowance[msg.sender][_spender] = _amount;

    emit Approval(msg.sender, _spender, _amount);
    return true;
  }

  /**
   * @notice The ERC20 standard permit function
   */
  function permit(
    address _owner,
    address _spender,
    uint _value,
    uint _deadline,
    uint8 _v,
    bytes32 _r,
    bytes32 _s
  ) external override {
    require(_deadline >= block.timestamp, 'DexfaiPool: EXPIRED');
    bytes32 digest = keccak256(
      abi.encodePacked(
        '\x19\x01',
        DOMAIN_SEPARATOR,
        keccak256(
          abi.encode(PERMIT_TYPEHASH, _owner, _spender, _value, nonces[_owner]++, _deadline)
        )
      )
    );
    address recoveredAddress = ecrecover(digest, _v, _r, _s);
    require(recoveredAddress != address(0), 'DexfaiPool: INVALID_SIGNATURE');
    require(recoveredAddress == _owner, 'DexfaiPool: INVALID_SIGNATURE');
    allowance[_owner][_spender] = _value;

    emit Approval(_owner, _spender, _value);
  }

  /**
   * @notice The ERC20 standard transfer function
   */
  function transfer(address _dst, uint _amount) external override returns (bool) {
    _transferTokens(msg.sender, _dst, _amount);
    return true;
  }

  /**
   * @notice The ERC20 standard transferFrom function
   */
  function transferFrom(address _src, address _dst, uint _amount) external override returns (bool) {
    address spender = msg.sender;
    uint spenderAllowance = allowance[_src][spender];

    if (spender != _src && spenderAllowance != type(uint).max) {
      uint newAllowance = spenderAllowance - _amount;
      allowance[_src][spender] = newAllowance;

      emit Approval(_src, spender, newAllowance);
    }

    _transferTokens(_src, _dst, _amount);
    return true;
  }

  function _transferTokens(address _src, address _dst, uint _amount) internal {
    balanceOf[_src] -= _amount;
    balanceOf[_dst] += _amount;

    emit Transfer(_src, _dst, _amount);
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)

pragma solidity ^0.8.0;

import "IERC165.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 *
 * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
 */
abstract contract ERC165 is IERC165 {
  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
    return interfaceId == type(IERC165).interfaceId;
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (token/ERC721/ERC721.sol)

pragma solidity ^0.8.0;

import "IERC721.sol";
import "IERC721Receiver.sol";
import "IERC721Metadata.sol";
import "Address.sol";
import "Context.sol";
import "Strings.sol";
import "ERC165.sol";

/**
 * @dev Implementation of https://eips.ethereum.org/EIPS/eip-721[ERC721] Non-Fungible Token Standard, including
 * the Metadata extension, but not including the Enumerable extension, which is available separately as
 * {ERC721Enumerable}.
 */
contract ERC721 is Context, ERC165, IERC721, IERC721Metadata {
  using Address for address;
  using Strings for uint256;

  // Token name
  string private _name;

  // Token symbol
  string private _symbol;

  // Mapping from token ID to owner address
  mapping(uint256 => address) private _owners;

  // Mapping owner address to token count
  mapping(address => uint256) private _balances;

  // Mapping from token ID to approved address
  mapping(uint256 => address) private _tokenApprovals;

  // Mapping from owner to operator approvals
  mapping(address => mapping(address => bool)) private _operatorApprovals;

  /**
   * @dev Initializes the contract by setting a `name` and a `symbol` to the token collection.
   */
  constructor(string memory name_, string memory symbol_) {
    _name = name_;
    _symbol = symbol_;
  }

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(
    bytes4 interfaceId
  ) public view virtual override(ERC165, IERC165) returns (bool) {
    return
      interfaceId == type(IERC721).interfaceId ||
      interfaceId == type(IERC721Metadata).interfaceId ||
      super.supportsInterface(interfaceId);
  }

  /**
   * @dev See {IERC721-balanceOf}.
   */
  function balanceOf(address owner) public view virtual override returns (uint256) {
    require(owner != address(0), 'ERC721: address zero is not a valid owner');
    return _balances[owner];
  }

  /**
   * @dev See {IERC721-ownerOf}.
   */
  function ownerOf(uint256 tokenId) public view virtual override returns (address) {
    address owner = _ownerOf(tokenId);
    require(owner != address(0), 'ERC721: invalid token ID');
    return owner;
  }

  /**
   * @dev See {IERC721Metadata-name}.
   */
  function name() public view virtual override returns (string memory) {
    return _name;
  }

  /**
   * @dev See {IERC721Metadata-symbol}.
   */
  function symbol() public view virtual override returns (string memory) {
    return _symbol;
  }

  /**
   * @dev See {IERC721Metadata-tokenURI}.
   */
  function tokenURI(uint256 tokenId) public view virtual override returns (string memory) {
    _requireMinted(tokenId);

    string memory baseURI = _baseURI();
    return bytes(baseURI).length > 0 ? string(abi.encodePacked(baseURI, tokenId.toString())) : '';
  }

  /**
   * @dev Base URI for computing {tokenURI}. If set, the resulting URI for each
   * token will be the concatenation of the `baseURI` and the `tokenId`. Empty
   * by default, can be overridden in child contracts.
   */
  function _baseURI() internal view virtual returns (string memory) {
    return '';
  }

  /**
   * @dev See {IERC721-approve}.
   */
  function approve(address to, uint256 tokenId) public virtual override {
    address owner = ERC721.ownerOf(tokenId);
    require(to != owner, 'ERC721: approval to current owner');

    require(
      _msgSender() == owner || isApprovedForAll(owner, _msgSender()),
      'ERC721: approve caller is not token owner or approved for all'
    );

    _approve(to, tokenId);
  }

  /**
   * @dev See {IERC721-getApproved}.
   */
  function getApproved(uint256 tokenId) public view virtual override returns (address) {
    _requireMinted(tokenId);

    return _tokenApprovals[tokenId];
  }

  /**
   * @dev See {IERC721-setApprovalForAll}.
   */
  function setApprovalForAll(address operator, bool approved) public virtual override {
    _setApprovalForAll(_msgSender(), operator, approved);
  }

  /**
   * @dev See {IERC721-isApprovedForAll}.
   */
  function isApprovedForAll(
    address owner,
    address operator
  ) public view virtual override returns (bool) {
    return _operatorApprovals[owner][operator];
  }

  /**
   * @dev See {IERC721-transferFrom}.
   */
  function transferFrom(address from, address to, uint256 tokenId) public virtual override {
    //solhint-disable-next-line max-line-length
    require(
      _isApprovedOrOwner(_msgSender(), tokenId),
      'ERC721: caller is not token owner or approved'
    );

    _transfer(from, to, tokenId);
  }

  /**
   * @dev See {IERC721-safeTransferFrom}.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId) public virtual override {
    safeTransferFrom(from, to, tokenId, '');
  }

  /**
   * @dev See {IERC721-safeTransferFrom}.
   */
  function safeTransferFrom(
    address from,
    address to,
    uint256 tokenId,
    bytes memory data
  ) public virtual override {
    require(
      _isApprovedOrOwner(_msgSender(), tokenId),
      'ERC721: caller is not token owner or approved'
    );
    _safeTransfer(from, to, tokenId, data);
  }

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
   * are aware of the ERC721 protocol to prevent tokens from being forever locked.
   *
   * `data` is additional data, it has no specified format and it is sent in call to `to`.
   *
   * This internal function is equivalent to {safeTransferFrom}, and can be used to e.g.
   * implement alternative mechanisms to perform token transfer, such as signature-based.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must exist and be owned by `from`.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function _safeTransfer(
    address from,
    address to,
    uint256 tokenId,
    bytes memory data
  ) internal virtual {
    _transfer(from, to, tokenId);
    require(
      _checkOnERC721Received(from, to, tokenId, data),
      'ERC721: transfer to non ERC721Receiver implementer'
    );
  }

  /**
   * @dev Returns the owner of the `tokenId`. Does NOT revert if token doesn't exist
   */
  function _ownerOf(uint256 tokenId) internal view virtual returns (address) {
    return _owners[tokenId];
  }

  /**
   * @dev Returns whether `tokenId` exists.
   *
   * Tokens can be managed by their owner or approved accounts via {approve} or {setApprovalForAll}.
   *
   * Tokens start existing when they are minted (`_mint`),
   * and stop existing when they are burned (`_burn`).
   */
  function _exists(uint256 tokenId) internal view virtual returns (bool) {
    return _ownerOf(tokenId) != address(0);
  }

  /**
   * @dev Returns whether `spender` is allowed to manage `tokenId`.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   */
  function _isApprovedOrOwner(
    address spender,
    uint256 tokenId
  ) internal view virtual returns (bool) {
    address owner = ERC721.ownerOf(tokenId);
    return (spender == owner ||
      isApprovedForAll(owner, spender) ||
      getApproved(tokenId) == spender);
  }

  /**
   * @dev Safely mints `tokenId` and transfers it to `to`.
   *
   * Requirements:
   *
   * - `tokenId` must not exist.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function _safeMint(address to, uint256 tokenId) internal virtual {
    _safeMint(to, tokenId, '');
  }

  /**
   * @dev Same as {xref-ERC721-_safeMint-address-uint256-}[`_safeMint`], with an additional `data` parameter which is
   * forwarded in {IERC721Receiver-onERC721Received} to contract recipients.
   */
  function _safeMint(address to, uint256 tokenId, bytes memory data) internal virtual {
    _mint(to, tokenId);
    require(
      _checkOnERC721Received(address(0), to, tokenId, data),
      'ERC721: transfer to non ERC721Receiver implementer'
    );
  }

  /**
   * @dev Mints `tokenId` and transfers it to `to`.
   *
   * WARNING: Usage of this method is discouraged, use {_safeMint} whenever possible
   *
   * Requirements:
   *
   * - `tokenId` must not exist.
   * - `to` cannot be the zero address.
   *
   * Emits a {Transfer} event.
   */
  function _mint(address to, uint256 tokenId) internal virtual {
    require(to != address(0), 'ERC721: mint to the zero address');
    require(!_exists(tokenId), 'ERC721: token already minted');

    _beforeTokenTransfer(address(0), to, tokenId, 1);

    // Check that tokenId was not minted by `_beforeTokenTransfer` hook
    require(!_exists(tokenId), 'ERC721: token already minted');

    unchecked {
      // Will not overflow unless all 2**256 token ids are minted to the same owner.
      // Given that tokens are minted one by one, it is impossible in practice that
      // this ever happens. Might change if we allow batch minting.
      // The ERC fails to describe this case.
      _balances[to] += 1;
    }

    _owners[tokenId] = to;

    emit Transfer(address(0), to, tokenId);

    _afterTokenTransfer(address(0), to, tokenId, 1);
  }

  /**
   * @dev Destroys `tokenId`.
   * The approval is cleared when the token is burned.
   * This is an internal function that does not check if the sender is authorized to operate on the token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   *
   * Emits a {Transfer} event.
   */
  function _burn(uint256 tokenId) internal virtual {
    address owner = ERC721.ownerOf(tokenId);

    _beforeTokenTransfer(owner, address(0), tokenId, 1);

    // Update ownership in case tokenId was transferred by `_beforeTokenTransfer` hook
    owner = ERC721.ownerOf(tokenId);

    // Clear approvals
    delete _tokenApprovals[tokenId];

    unchecked {
      // Cannot overflow, as that would require more tokens to be burned/transferred
      // out than the owner initially received through minting and transferring in.
      _balances[owner] -= 1;
    }
    delete _owners[tokenId];

    emit Transfer(owner, address(0), tokenId);

    _afterTokenTransfer(owner, address(0), tokenId, 1);
  }

  /**
   * @dev Transfers `tokenId` from `from` to `to`.
   *  As opposed to {transferFrom}, this imposes no restrictions on msg.sender.
   *
   * Requirements:
   *
   * - `to` cannot be the zero address.
   * - `tokenId` token must be owned by `from`.
   *
   * Emits a {Transfer} event.
   */
  function _transfer(address from, address to, uint256 tokenId) internal virtual {
    require(ERC721.ownerOf(tokenId) == from, 'ERC721: transfer from incorrect owner');
    require(to != address(0), 'ERC721: transfer to the zero address');

    _beforeTokenTransfer(from, to, tokenId, 1);

    // Check that tokenId was not transferred by `_beforeTokenTransfer` hook
    require(ERC721.ownerOf(tokenId) == from, 'ERC721: transfer from incorrect owner');

    // Clear approvals from the previous owner
    delete _tokenApprovals[tokenId];

    unchecked {
      // `_balances[from]` cannot overflow for the same reason as described in `_burn`:
      // `from`'s balance is the number of token held, which is at least one before the current
      // transfer.
      // `_balances[to]` could overflow in the conditions described in `_mint`. That would require
      // all 2**256 token ids to be minted, which in practice is impossible.
      _balances[from] -= 1;
      _balances[to] += 1;
    }
    _owners[tokenId] = to;

    emit Transfer(from, to, tokenId);

    _afterTokenTransfer(from, to, tokenId, 1);
  }

  /**
   * @dev Approve `to` to operate on `tokenId`
   *
   * Emits an {Approval} event.
   */
  function _approve(address to, uint256 tokenId) internal virtual {
    _tokenApprovals[tokenId] = to;
    emit Approval(ERC721.ownerOf(tokenId), to, tokenId);
  }

  /**
   * @dev Approve `operator` to operate on all of `owner` tokens
   *
   * Emits an {ApprovalForAll} event.
   */
  function _setApprovalForAll(address owner, address operator, bool approved) internal virtual {
    require(owner != operator, 'ERC721: approve to caller');
    _operatorApprovals[owner][operator] = approved;
    emit ApprovalForAll(owner, operator, approved);
  }

  /**
   * @dev Reverts if the `tokenId` has not been minted yet.
   */
  function _requireMinted(uint256 tokenId) internal view virtual {
    require(_exists(tokenId), 'ERC721: invalid token ID');
  }

  /**
   * @dev Internal function to invoke {IERC721Receiver-onERC721Received} on a target address.
   * The call is not executed if the target address is not a contract.
   *
   * @param from address representing the previous owner of the given token ID
   * @param to target address that will receive the tokens
   * @param tokenId uint256 ID of the token to be transferred
   * @param data bytes optional data to send along with the call
   * @return bool whether the call correctly returned the expected magic value
   */
  function _checkOnERC721Received(
    address from,
    address to,
    uint256 tokenId,
    bytes memory data
  ) private returns (bool) {
    if (to.isContract()) {
      try IERC721Receiver(to).onERC721Received(_msgSender(), from, tokenId, data) returns (
        bytes4 retval
      ) {
        return retval == IERC721Receiver.onERC721Received.selector;
      } catch (bytes memory reason) {
        if (reason.length == 0) {
          revert('ERC721: transfer to non ERC721Receiver implementer');
        } else {
          /// @solidity memory-safe-assembly
          assembly {
            revert(add(32, reason), mload(reason))
          }
        }
      }
    } else {
      return true;
    }
  }

  /**
   * @dev Hook that is called before any token transfer. This includes minting and burning. If {ERC721Consecutive} is
   * used, the hook may be called as part of a consecutive (batch) mint, as indicated by `batchSize` greater than 1.
   *
   * Calling conditions:
   *
   * - When `from` and `to` are both non-zero, ``from``'s tokens will be transferred to `to`.
   * - When `from` is zero, the tokens will be minted for `to`.
   * - When `to` is zero, ``from``'s tokens will be burned.
   * - `from` and `to` are never both zero.
   * - `batchSize` is non-zero.
   *
   * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
   */
  function _beforeTokenTransfer(
    address from,
    address to,
    uint256 /* firstTokenId */,
    uint256 batchSize
  ) internal virtual {
    if (batchSize > 1) {
      if (from != address(0)) {
        _balances[from] -= batchSize;
      }
      if (to != address(0)) {
        _balances[to] += batchSize;
      }
    }
  }

  /**
   * @dev Hook that is called after any token transfer. This includes minting and burning. If {ERC721Consecutive} is
   * used, the hook may be called as part of a consecutive (batch) mint, as indicated by `batchSize` greater than 1.
   *
   * Calling conditions:
   *
   * - When `from` and `to` are both non-zero, ``from``'s tokens were transferred to `to`.
   * - When `from` is zero, the tokens were minted for `to`.
   * - When `to` is zero, ``from``'s tokens were burned.
   * - `from` and `to` are never both zero.
   * - `batchSize` is non-zero.
   *
   * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
   */
  function _afterTokenTransfer(
    address from,
    address to,
    uint256 firstTokenId,
    uint256 batchSize
  ) internal virtual {}
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/ERC721Enumerable.sol)

pragma solidity ^0.8.0;

import "ERC721.sol";
import "IERC721Enumerable.sol";

/**
 * @dev This implements an optional extension of {ERC721} defined in the EIP that adds
 * enumerability of all the token ids in the contract as well as all token ids owned by each
 * account.
 */
abstract contract ERC721Enumerable is ERC721, IERC721Enumerable {
  // Mapping from owner to list of owned token IDs
  mapping(address => mapping(uint256 => uint256)) private _ownedTokens;

  // Mapping from token ID to index of the owner tokens list
  mapping(uint256 => uint256) private _ownedTokensIndex;

  // Array with all token ids, used for enumeration
  uint256[] private _allTokens;

  // Mapping from token id to position in the allTokens array
  mapping(uint256 => uint256) private _allTokensIndex;

  /**
   * @dev See {IERC165-supportsInterface}.
   */
  function supportsInterface(
    bytes4 interfaceId
  ) public view virtual override(IERC165, ERC721) returns (bool) {
    return
      interfaceId == type(IERC721Enumerable).interfaceId || super.supportsInterface(interfaceId);
  }

  /**
   * @dev See {IERC721Enumerable-tokenOfOwnerByIndex}.
   */
  function tokenOfOwnerByIndex(
    address owner,
    uint256 index
  ) public view virtual override returns (uint256) {
    require(index < ERC721.balanceOf(owner), 'ERC721Enumerable: owner index out of bounds');
    return _ownedTokens[owner][index];
  }

  /**
   * @dev See {IERC721Enumerable-totalSupply}.
   */
  function totalSupply() public view virtual override returns (uint256) {
    return _allTokens.length;
  }

  /**
   * @dev See {IERC721Enumerable-tokenByIndex}.
   */
  function tokenByIndex(uint256 index) public view virtual override returns (uint256) {
    require(index < ERC721Enumerable.totalSupply(), 'ERC721Enumerable: global index out of bounds');
    return _allTokens[index];
  }

  /**
   * @dev See {ERC721-_beforeTokenTransfer}.
   */
  function _beforeTokenTransfer(
    address from,
    address to,
    uint256 firstTokenId,
    uint256 batchSize
  ) internal virtual override {
    super._beforeTokenTransfer(from, to, firstTokenId, batchSize);

    if (batchSize > 1) {
      // Will only trigger during construction. Batch transferring (minting) is not available afterwards.
      revert('ERC721Enumerable: consecutive transfers not supported');
    }

    uint256 tokenId = firstTokenId;

    if (from == address(0)) {
      _addTokenToAllTokensEnumeration(tokenId);
    } else if (from != to) {
      _removeTokenFromOwnerEnumeration(from, tokenId);
    }
    if (to == address(0)) {
      _removeTokenFromAllTokensEnumeration(tokenId);
    } else if (to != from) {
      _addTokenToOwnerEnumeration(to, tokenId);
    }
  }

  /**
   * @dev Private function to add a token to this extension's ownership-tracking data structures.
   * @param to address representing the new owner of the given token ID
   * @param tokenId uint256 ID of the token to be added to the tokens list of the given address
   */
  function _addTokenToOwnerEnumeration(address to, uint256 tokenId) private {
    uint256 length = ERC721.balanceOf(to);
    _ownedTokens[to][length] = tokenId;
    _ownedTokensIndex[tokenId] = length;
  }

  /**
   * @dev Private function to add a token to this extension's token tracking data structures.
   * @param tokenId uint256 ID of the token to be added to the tokens list
   */
  function _addTokenToAllTokensEnumeration(uint256 tokenId) private {
    _allTokensIndex[tokenId] = _allTokens.length;
    _allTokens.push(tokenId);
  }

  /**
   * @dev Private function to remove a token from this extension's ownership-tracking data structures. Note that
   * while the token is not assigned a new owner, the `_ownedTokensIndex` mapping is _not_ updated: this allows for
   * gas optimizations e.g. when performing a transfer operation (avoiding double writes).
   * This has O(1) time complexity, but alters the order of the _ownedTokens array.
   * @param from address representing the previous owner of the given token ID
   * @param tokenId uint256 ID of the token to be removed from the tokens list of the given address
   */
  function _removeTokenFromOwnerEnumeration(address from, uint256 tokenId) private {
    // To prevent a gap in from's tokens array, we store the last token in the index of the token to delete, and
    // then delete the last slot (swap and pop).

    uint256 lastTokenIndex = ERC721.balanceOf(from) - 1;
    uint256 tokenIndex = _ownedTokensIndex[tokenId];

    // When the token to delete is the last token, the swap operation is unnecessary
    if (tokenIndex != lastTokenIndex) {
      uint256 lastTokenId = _ownedTokens[from][lastTokenIndex];

      _ownedTokens[from][tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
      _ownedTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index
    }

    // This also deletes the contents at the last position of the array
    delete _ownedTokensIndex[tokenId];
    delete _ownedTokens[from][lastTokenIndex];
  }

  /**
   * @dev Private function to remove a token from this extension's token tracking data structures.
   * This has O(1) time complexity, but alters the order of the _allTokens array.
   * @param tokenId uint256 ID of the token to be removed from the tokens list
   */
  function _removeTokenFromAllTokensEnumeration(uint256 tokenId) private {
    // To prevent a gap in the tokens array, we store the last token in the index of the token to delete, and
    // then delete the last slot (swap and pop).

    uint256 lastTokenIndex = _allTokens.length - 1;
    uint256 tokenIndex = _allTokensIndex[tokenId];

    // When the token to delete is the last token, the swap operation is unnecessary. However, since this occurs so
    // rarely (when the last minted token is burnt) that we still do the swap here to avoid the gas cost of adding
    // an 'if' statement (like in _removeTokenFromOwnerEnumeration)
    uint256 lastTokenId = _allTokens[lastTokenIndex];

    _allTokens[tokenIndex] = lastTokenId; // Move the last token to the slot of the to-delete token
    _allTokensIndex[lastTokenId] = tokenIndex; // Update the moved token's index

    // This also deletes the contents at the last position of the array
    delete _allTokensIndex[tokenId];
    _allTokens.pop();
  }
}

// SPDX-License-Identifier: GPL-3.0-only
pragma solidity ^0.8.19;

interface IDexfaiFactory {
  function getPool(address _token) external view returns (address pool);

  function allPools(uint256) external view returns (address pool);

  function poolCodeHash() external pure returns (bytes32);

  function allPoolsLength() external view returns (uint);

  function createPool(address _token) external returns (address pool);

  function setDexfaiCore(address _core) external;

  function getDexfaiCore() external view returns (address);

  function setOwner(address _owner) external;

  function setWhitelistingPhase(bool _state) external;

  function getOwner() external view returns (address);

  event ChangedOwner(address indexed owner);
  event ChangedCore(address indexed core);
  event Whitelisting(bool state);
  event PoolCreated(address indexed token, address indexed pool, uint allPoolsSize);
}

// SPDX-License-Identifier: GPL-3.0-only
pragma solidity ^0.8.19;

interface IDexfaiINFT {
  function reserve() external view returns (uint);

  function totalSharesIssued() external view returns (uint);

  function initialReserve() external view returns (uint);

  function harvestedBalance(address _token) external view returns (uint);

  function INFTShares(uint _id) external view returns (uint);

  function sharesHarvestedByPool(address _token, uint _id) external view returns (uint);

  function totalSharesHarvestedByPool(address _token) external view returns (uint);

  function setBaseURI(string memory _baseURI) external;

  function getStates() external view returns (uint, uint, uint);

  function shareToTokenAmount(
    uint _tokenID,
    address _token
  ) external view returns (uint share2amount, uint inftShare, uint harvestedShares);

  function premint(address[] memory _legacyLNFTHolders, uint[] memory _initialShares) external;

  function mint(address _to) external returns (uint tokenID, uint share);

  function boost(uint _tokenID) external returns (uint share);

  function harvestToken(address _token, uint _tokenID, uint _amount) external returns (uint);

  function harvestETH(uint _tokenID, uint _amount) external returns (uint);

  event Mint(address indexed from, address indexed to, uint share, uint id);
  event Boost(address indexed from, uint share, uint id);
  event HarvestToken(address token, uint harvestedAmount, uint harvestedShare, uint id);
  event HarvestETH(uint harvestedAmount, uint harvestedShare, uint id);
}

// SPDX-License-Identifier: GPL-3.0-only
pragma solidity ^0.8.19;

interface IDexfaiPool {
  function getCurrentIndex() external view returns (uint16 index);

  function getNthObservation(
    uint _n
  ) external view returns (uint timestamp, uint rCumulative, uint wCumulative);

  function getCumulativeLast()
    external
    view
    returns (uint timestamp, uint rCumulative, uint wCumulative);

  function ringBufferNonce() external view returns (uint);

  function observations(uint observation) external view returns (uint, uint, uint);

  function getDexfaiCore() external view returns (address);

  function poolToken() external view returns (address);

  function initialize(address _token, address _dexfaiFactory) external;

  function getStates() external view returns (uint, uint, uint);

  function update(uint _balance, uint _r, uint _w) external;

  function mint(address _to, uint _amount) external;

  function burn(address _to, uint _amount) external;

  function safeTransfer(address _token, address _to, uint256 _value) external;

  function totalSupply() external view returns (uint);

  function transfer(address _recipient, uint _amount) external returns (bool);

  function decimals() external view returns (uint8);

  function balanceOf(address) external view returns (uint);

  function transferFrom(address _sender, address _recipient, uint _amount) external returns (bool);

  function approve(address _spender, uint _value) external returns (bool);

  function allowance(address _owner, address _spender) external view returns (uint256);

  function symbol() external view returns (string memory);

  function name() external view returns (string memory);

  function permit(
    address _owner,
    address _spender,
    uint _value,
    uint _deadline,
    uint8 _v,
    bytes32 _re,
    bytes32 _s
  ) external;

  function nonces(address _owner) external view returns (uint);

  function PERMIT_TYPEHASH() external view returns (bytes32);

  function DOMAIN_SEPARATOR() external view returns (bytes32);

  event Sync(uint _reserve, uint _w);
  event Transfer(address indexed _from, address indexed _to, uint _amount);
  event Approval(address indexed _owner, address indexed _spender, uint _amount);
  event Write(uint _r, uint _w, uint _blockTimestamp);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)

pragma solidity ^0.8.19;

/**
 * @dev Interface of the ERC165 standard, as defined in the
 * https://eips.ethereum.org/EIPS/eip-165[EIP].
 *
 * Implementers can declare support of contract interfaces, which can then be
 * queried by others ({ERC165Checker}).
 *
 * For an implementation, see {ERC165}.
 */
interface IERC165 {
  /**
   * @dev Returns true if this contract implements the interface defined by
   * `interfaceId`. See the corresponding
   * https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
   * to learn more about how these ids are created.
   *
   * This function call must use less than 30 000 gas.
   */
  function supportsInterface(bytes4 interfaceId) external view returns (bool);
}

// SPDX-License-Identifier: GPL-3.0-or-later
pragma solidity ^0.8.19;

interface IERC20 {
  function totalSupply() external view returns (uint);

  function transfer(address recipient, uint amount) external returns (bool);

  function decimals() external view returns (uint8);

  function balanceOf(address) external view returns (uint);

  function transferFrom(address sender, address recipient, uint amount) external returns (bool);

  function approve(address spender, uint value) external returns (bool);

  function allowance(address owner, address spender) external view returns (uint256);

  function symbol() external view returns (string memory);

  function name() external view returns (string memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (token/ERC721/IERC721.sol)

pragma solidity ^0.8.19;

import "IERC165.sol";

/**
 * @dev Required interface of an ERC721 compliant contract.
 */
interface IERC721 is IERC165 {
  /**
   * @dev Emitted when `tokenId` token is transferred from `from` to `to`.
   */
  event Transfer(address indexed from, address indexed to, uint256 indexed tokenId);

  /**
   * @dev Emitted when `owner` enables `approved` to manage the `tokenId` token.
   */
  event Approval(address indexed owner, address indexed approved, uint256 indexed tokenId);

  /**
   * @dev Emitted when `owner` enables or disables (`approved`) `operator` to manage all of its assets.
   */
  event ApprovalForAll(address indexed owner, address indexed operator, bool approved);

  /**
   * @dev Returns the number of tokens in ``owner``'s account.
   */
  function balanceOf(address owner) external view returns (uint256 balance);

  /**
   * @dev Returns the owner of the `tokenId` token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   */
  function ownerOf(uint256 tokenId) external view returns (address owner);

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must exist and be owned by `from`.
   * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function safeTransferFrom(
    address from,
    address to,
    uint256 tokenId,
    bytes calldata data
  ) external;

  /**
   * @dev Safely transfers `tokenId` token from `from` to `to`, checking first that contract recipients
   * are aware of the ERC721 protocol to prevent tokens from being forever locked.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must exist and be owned by `from`.
   * - If the caller is not `from`, it must have been allowed to move this token by either {approve} or {setApprovalForAll}.
   * - If `to` refers to a smart contract, it must implement {IERC721Receiver-onERC721Received}, which is called upon a safe transfer.
   *
   * Emits a {Transfer} event.
   */
  function safeTransferFrom(address from, address to, uint256 tokenId) external;

  /**
   * @dev Transfers `tokenId` token from `from` to `to`.
   *
   * WARNING: Note that the caller is responsible to confirm that the recipient is capable of receiving ERC721
   * or else they may be permanently lost. Usage of {safeTransferFrom} prevents loss, though the caller must
   * understand this adds an external call which potentially creates a reentrancy vulnerability.
   *
   * Requirements:
   *
   * - `from` cannot be the zero address.
   * - `to` cannot be the zero address.
   * - `tokenId` token must be owned by `from`.
   * - If the caller is not `from`, it must be approved to move this token by either {approve} or {setApprovalForAll}.
   *
   * Emits a {Transfer} event.
   */
  function transferFrom(address from, address to, uint256 tokenId) external;

  /**
   * @dev Gives permission to `to` to transfer `tokenId` token to another account.
   * The approval is cleared when the token is transferred.
   *
   * Only a single account can be approved at a time, so approving the zero address clears previous approvals.
   *
   * Requirements:
   *
   * - The caller must own the token or be an approved operator.
   * - `tokenId` must exist.
   *
   * Emits an {Approval} event.
   */
  function approve(address to, uint256 tokenId) external;

  /**
   * @dev Approve or remove `operator` as an operator for the caller.
   * Operators can call {transferFrom} or {safeTransferFrom} for any token owned by the caller.
   *
   * Requirements:
   *
   * - The `operator` cannot be the caller.
   *
   * Emits an {ApprovalForAll} event.
   */
  function setApprovalForAll(address operator, bool _approved) external;

  /**
   * @dev Returns the account approved for `tokenId` token.
   *
   * Requirements:
   *
   * - `tokenId` must exist.
   */
  function getApproved(uint256 tokenId) external view returns (address operator);

  /**
   * @dev Returns if the `operator` is allowed to manage all of the assets of `owner`.
   *
   * See {setApprovalForAll}
   */
  function isApprovedForAll(address owner, address operator) external view returns (bool);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC721/extensions/IERC721Enumerable.sol)

pragma solidity ^0.8.19;

import "IERC721.sol";

/**
 * @title ERC-721 Non-Fungible Token Standard, optional enumeration extension
 * @dev See https://eips.ethereum.org/EIPS/eip-721
 */
interface IERC721Enumerable is IERC721 {
  /**
   * @dev Returns the total amount of tokens stored by the contract.
   */
  function totalSupply() external view returns (uint256);

  /**
   * @dev Returns a token ID owned by `owner` at a given `index` of its token list.
   * Use along with {balanceOf} to enumerate all of ``owner``'s tokens.
   */
  function tokenOfOwnerByIndex(address owner, uint256 index) external view returns (uint256);

  /**
   * @dev Returns a token ID at a given `index` of all the tokens stored by the contract.
   * Use along with {totalSupply} to enumerate all tokens.
   */
  function tokenByIndex(uint256 index) external view returns (uint256);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC721/extensions/IERC721Metadata.sol)

pragma solidity ^0.8.19;

import "IERC721.sol";

/**
 * @title ERC-721 Non-Fungible Token Standard, optional metadata extension
 * @dev See https://eips.ethereum.org/EIPS/eip-721
 */
interface IERC721Metadata is IERC721 {
  /**
   * @dev Returns the token collection name.
   */
  function name() external view returns (string memory);

  /**
   * @dev Returns the token collection symbol.
   */
  function symbol() external view returns (string memory);

  /**
   * @dev Returns the Uniform Resource Identifier (URI) for `tokenId` token.
   */
  function tokenURI(uint256 tokenId) external view returns (string memory);
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol)

pragma solidity ^0.8.19;

/**
 * @title ERC721 token receiver interface
 * @dev Interface for any contract that wants to support safeTransfers
 * from ERC721 asset contracts.
 */
interface IERC721Receiver {
  /**
   * @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
   * by `operator` from `from`, this function is called.
   *
   * It must return its Solidity selector to confirm the token transfer.
   * If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
   *
   * The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
   */
  function onERC721Received(
    address operator,
    address from,
    uint256 tokenId,
    bytes calldata data
  ) external returns (bytes4);
}

// SPDX-License-Identifier: GPL-3.0-only

pragma solidity ^0.8.19;

interface IWETH {
  function deposit() external payable;

  function transfer(address to, uint value) external returns (bool);

  function withdraw(uint) external;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/math/Math.sol)

pragma solidity ^0.8.0;

/**
 * @dev Standard math utilities missing in the Solidity language.
 */
library OZMath {
  enum Rounding {
    Down, // Toward negative infinity
    Up, // Toward infinity
    Zero // Toward zero
  }

  /**
   * @dev Return the log in base 10, rounded down, of a positive value.
   * Returns 0 if given 0.
   */
  function log10(uint256 value) internal pure returns (uint256) {
    uint256 result = 0;
    unchecked {
      if (value >= 10 ** 64) {
        value /= 10 ** 64;
        result += 64;
      }
      if (value >= 10 ** 32) {
        value /= 10 ** 32;
        result += 32;
      }
      if (value >= 10 ** 16) {
        value /= 10 ** 16;
        result += 16;
      }
      if (value >= 10 ** 8) {
        value /= 10 ** 8;
        result += 8;
      }
      if (value >= 10 ** 4) {
        value /= 10 ** 4;
        result += 4;
      }
      if (value >= 10 ** 2) {
        value /= 10 ** 2;
        result += 2;
      }
      if (value >= 10 ** 1) {
        result += 1;
      }
    }
    return result;
  }

  /**
   * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
   * Returns 0 if given 0.
   */
  function log10(uint256 value, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = log10(value);
      return result + (rounding == Rounding.Up && 10 ** result < value ? 1 : 0);
    }
  }

  /**
   * @dev Return the log in base 256, rounded down, of a positive value.
   * Returns 0 if given 0.
   *
   * Adding one to the result gives the number of pairs of hex symbols needed to represent `value` as a hex string.
   */
  function log256(uint256 value) internal pure returns (uint256) {
    uint256 result = 0;
    unchecked {
      if (value >> 128 > 0) {
        value >>= 128;
        result += 16;
      }
      if (value >> 64 > 0) {
        value >>= 64;
        result += 8;
      }
      if (value >> 32 > 0) {
        value >>= 32;
        result += 4;
      }
      if (value >> 16 > 0) {
        value >>= 16;
        result += 2;
      }
      if (value >> 8 > 0) {
        result += 1;
      }
    }
    return result;
  }

  /**
   * @dev Return the log in base 10, following the selected rounding direction, of a positive value.
   * Returns 0 if given 0.
   */
  function log256(uint256 value, Rounding rounding) internal pure returns (uint256) {
    unchecked {
      uint256 result = log256(value);
      return result + (rounding == Rounding.Up && 1 << (result << 3) < value ? 1 : 0);
    }
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)

pragma solidity ^0.8.0;

import "OZMath.sol";

/**
 * @dev String operations.
 */
library Strings {
  bytes16 private constant _SYMBOLS = '0123456789abcdef';
  uint8 private constant _ADDRESS_LENGTH = 20;

  /**
   * @dev Converts a `uint256` to its ASCII `string` decimal representation.
   */
  function toString(uint256 value) internal pure returns (string memory) {
    unchecked {
      uint256 length = OZMath.log10(value) + 1;
      string memory buffer = new string(length);
      uint256 ptr;
      /// @solidity memory-safe-assembly
      assembly {
        ptr := add(buffer, add(32, length))
      }
      while (true) {
        ptr--;
        /// @solidity memory-safe-assembly
        assembly {
          mstore8(ptr, byte(mod(value, 10), _SYMBOLS))
        }
        value /= 10;
        if (value == 0) break;
      }
      return buffer;
    }
  }

  /**
   * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
   */
  function toHexString(uint256 value) internal pure returns (string memory) {
    unchecked {
      return toHexString(value, OZMath.log256(value) + 1);
    }
  }

  /**
   * @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
   */
  function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
    bytes memory buffer = new bytes(2 * length + 2);
    buffer[0] = '0';
    buffer[1] = 'x';
    for (uint256 i = 2 * length + 1; i > 1; --i) {
      buffer[i] = _SYMBOLS[value & 0xf];
      value >>= 4;
    }
    require(value == 0, 'Strings: hex length insufficient');
    return string(buffer);
  }

  /**
   * @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
   */
  function toHexString(address addr) internal pure returns (string memory) {
    return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
  }
}

{
  "compilationTarget": {
    "DexfaiINFT.sol": "DexfaiINFT"
  },
  "evmVersion": "london",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "ipfs"
  },
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "remappings": []
}