// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.20;

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS
    }

    /**
     * @dev The signature derives the `address(0)`.
     */
    error ECDSAInvalidSignature();

    /**
     * @dev The signature has an invalid length.
     */
    error ECDSAInvalidSignatureLength(uint256 length);

    /**
     * @dev The signature has an S value that is in the upper half order.
     */
    error ECDSAInvalidSignatureS(bytes32 s);

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with `signature` or an error. This will not
     * return address(0) without also returning an error description. Errors are documented using an enum (error type)
     * and a bytes32 providing additional information about the error.
     *
     * If no error is returned, then the address can be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     */
    function tryRecover(
        bytes32 hash,
        bytes memory signature
    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            assembly ("memory-safe") {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength, bytes32(signature.length));
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM precompile allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {MessageHashUtils-toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, signature);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[ERC-2098 short signatures]
     */
    function tryRecover(
        bytes32 hash,
        bytes32 r,
        bytes32 vs
    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
        unchecked {
            bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
            // We do not check for an overflow here since the shift operation results in 0 or 1.
            uint8 v = uint8((uint256(vs) >> 255) + 27);
            return tryRecover(hash, v, r, s);
        }
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, r, vs);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function tryRecover(
        bytes32 hash,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) internal pure returns (address recovered, RecoverError err, bytes32 errArg) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS, s);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature, bytes32(0));
        }

        return (signer, RecoverError.NoError, bytes32(0));
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error, bytes32 errorArg) = tryRecover(hash, v, r, s);
        _throwError(error, errorArg);
        return recovered;
    }

    /**
     * @dev Optionally reverts with the corresponding custom error according to the `error` argument provided.
     */
    function _throwError(RecoverError error, bytes32 errorArg) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert ECDSAInvalidSignature();
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert ECDSAInvalidSignatureLength(uint256(errorArg));
        } else if (error == RecoverError.InvalidSignatureS) {
            revert ECDSAInvalidSignatureS(errorArg);
        }
    }
}

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/**
 * Refined FlashloanArbBot with:
 *   - Multi-tier Quoter checks for better (but still naive) price estimates
 *   - Basic input validation in executeOperation
 *   - Reentrancy guards, multi-sig withdrawal, pause/stop toggles
 * Note: For fully advanced strategies, consider aggregator usage or multi-hop routes.
 */

import "./ReentrancyGuard.sol";
import "./ECDSA.sol";

/// -------------------------------
/// Aave V3
/// -------------------------------
interface IPoolAddressesProvider {
    function getPool() external view returns (address);
}

interface IPool {
    function flashLoanSimple(
        address receiver,
        address asset,
        uint256 amount,
        bytes calldata params,
        uint16 referralCode
    ) external;
}

/// -------------------------------
/// Minimal ERC20 + WETH interface
/// -------------------------------
interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address) external view returns (uint256);
    function transfer(address to, uint256 value) external returns (bool);
}

interface IWETH is IERC20 {
    function deposit() external payable;
    function withdraw(uint256 wad) external;
}

/// -------------------------------
/// Uniswap V3 Router + Quoter
/// -------------------------------
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

interface IQuoter {
    function quoteExactInputSingle(
        address tokenIn,
        address tokenOut,
        uint24 fee,
        uint256 amountIn,
        uint160 sqrtPriceLimitX96
    ) external returns (uint256 amountOut);
}

contract FlashloanArbBot is ReentrancyGuard {
    using ECDSA for bytes32;

    // ============= Config / State =============
    address public owner;
    bool public isActive;  
    bool public isPaused;  

    IPoolAddressesProvider public immutable ADDRESSES_PROVIDER;
    IPool public immutable POOL;

    // Key addresses on mainnet
    address public constant WETH           = 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2;
    address public constant UNISWAP_V3ROUTER = 0xE592427A0AEce92De3Edee1F18E0157C05861564;
    address public constant UNISWAP_V3QUOTER = 0xb27308f9F90D607463bb33eA1BeBb41C27CE5AB6;

    // Bot parameters
    uint256 public slippageTolerance = 300;     
    uint256 public tradeDelay        = 300;     
    uint256 public minProfitThreshold= 0.001 ether;
    uint256 public lastTradeTimestamp;
    uint256 public maxFlashloanAmount= 10 ether;

    // Multi-sig withdrawal
    address[] public approvers;
    struct WithdrawalRequest {
        uint256 amount;
        uint256 approvals;
        uint256 timestamp;
        bool completed;     
        mapping(address => bool) voted;
    }
    mapping(uint256 => WithdrawalRequest) public withdrawalRequests;
    uint256 public withdrawalRequestCount;
    uint256 public withdrawalDelay = 300; 

    // ============= Events =============
    event BotStarted();
    event BotStopped();
    event Paused();
    event Unpaused();

    event DirectTradeExecuted(address token, uint256 initialETH, uint256 finalETH);
    event FlashloanExecuted(address asset, uint256 amount, uint256 premium, uint256 leftoverProfit);
    event ProfitabilityDetected(address token, uint256 profit, uint256 amountIn, uint256 gasCost, uint256 slippage);
    event WithdrawalRequested(uint256 requestId, uint256 amount);
    event WithdrawalApproved(uint256 requestId, address approver);
    event WithdrawalCompleted(uint256 requestId, uint256 amount);

    // ============= Modifiers =============
    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }
    modifier onlyApprover() {
        require(isApprover(msg.sender), "Not an approver");
        _;
    }
    modifier whenNotPaused() {
        require(!isPaused, "Contract is paused");
        _;
    }
    modifier onlyPool() {
        require(msg.sender == address(POOL), "Caller not Aave pool");
        _;
    }

    // ============= Constructor ===========
    constructor(
        address _addressesProvider,
        address[] memory _approvers
    ) {
        owner = msg.sender;
        ADDRESSES_PROVIDER = IPoolAddressesProvider(_addressesProvider);
        POOL = IPool(ADDRESSES_PROVIDER.getPool());
        approvers = _approvers;
    }

    // ============= Fallback to receive ETH from owner, if needed =============
    receive() external payable nonReentrant {
        require(msg.sender == owner, "Only owner can fund contract with ETH");
    }

    // ============= Admin Controls =============
    function start() external onlyOwner {
        require(!isActive, "Already active");
        isActive = true;
        emit BotStarted();
    }
    function stop() external onlyOwner {
        require(isActive, "Already stopped");
        isActive = false;
        emit BotStopped();
    }
    function pause() external onlyOwner {
        isPaused = true;
        emit Paused();
    }
    function unpause() external onlyOwner {
        isPaused = false;
        emit Unpaused();
    }

    function setSlippageTolerance(uint256 _slip) external onlyOwner {
        require(_slip <= 1000, "Too high slip");
        slippageTolerance = _slip;
    }
    function setMinProfitThreshold(uint256 _threshold) external onlyOwner {
        minProfitThreshold = _threshold;
    }
    function setTradeDelay(uint256 _delay) external onlyOwner {
        tradeDelay = _delay;
    }
    function setMaxFlashloanAmount(uint256 _amt) external onlyOwner {
        maxFlashloanAmount = _amt;
    }
    function setWithdrawalDelay(uint256 _wdDelay) external onlyOwner {
        withdrawalDelay = _wdDelay;
    }

    // ============= Approvers / Multi-Sig =============
    function isApprover(address account) public view returns (bool) {
        for (uint256 i = 0; i < approvers.length; i++) {
            if (approvers[i] == account) {
                return true;
            }
        }
        return false;
    }

    // ============= Direct Trade (ETH -> token -> ETH) using Uniswap V3 =============
    function executeDirectTrade(address token, uint256 ethAmount)
        external
        payable
        onlyOwner
        whenNotPaused
        nonReentrant
    {
        require(isActive, "Bot not active");
        require(block.timestamp >= lastTradeTimestamp + tradeDelay, "Trade delay not met");
        require(token != address(0), "Invalid token");
        require(ethAmount > 0, "AmountIn=0");
        require(msg.value == ethAmount, "Mismatch msg.value");

        uint256 profit = checkProfitability(token, ethAmount);
        require(profit >= minProfitThreshold, "Profit below threshold");

        // Wrap ETH -> WETH
        IWETH(WETH).deposit{value: ethAmount}();

        // 1) WETH->token
        uint256 tokenReceived = swapUniswapV3(WETH, token, ethAmount, 3000);

        // 2) token->WETH
        uint256 wethBack = swapUniswapV3(token, WETH, tokenReceived, 3000);

        // Unwrap WETH->ETH
        IWETH(WETH).withdraw(wethBack);

        lastTradeTimestamp = block.timestamp;
        uint256 finalEthBal = address(this).balance;

        emit ProfitabilityDetected(
            token,
            profit,
            ethAmount,
            approximateGasUsage() * tx.gasprice,
            slippageTolerance
        );
        emit DirectTradeExecuted(token, ethAmount, finalEthBal);
    }

    // ============= Aave V3 flashloan approach =============
    function executeFlashloanArb(address asset, uint256 amount)
        external
        onlyOwner
        whenNotPaused
        nonReentrant
    {
        require(isActive, "Bot not active");
        require(amount <= maxFlashloanAmount, "Exceeds max loan");
        require(block.timestamp >= lastTradeTimestamp + tradeDelay, "Delay not met");
        require(asset != address(0), "Invalid asset");
        require(amount > 0, "Amount=0");

        POOL.flashLoanSimple(address(this), asset, amount, bytes(""), 0);
    }

    /**
     * Aave calls this after giving us 'amount' of 'asset'.
     * We do a real two-step swap: e.g. WETH->token->WETH, see leftover, repay.
     */
    function executeOperation(
        address asset,
        uint256 amount,
        uint256 premium,
        address initiator,
        bytes calldata /* params */
    )
        external
        nonReentrant
        onlyPool
        returns (bool)
    {
        // Additional input checks
        require(asset != address(0), "Invalid asset");
        require(amount > 0, "No flashloan amount");
        require(premium >= 0, "Negative premium?"); // In practice, premium won't be negative in Solidity
        require(initiator == address(this), "Initiator invalid");

        // If asset = WETH, let's do a sample WETH->DAI->WETH
        address DAI = 0x6B175474E89094C44Da98b954EedeAC495271d0F;
        uint256 daiOut = swapUniswapV3(asset, DAI, amount, 3000);

        uint256 backToWeth = swapUniswapV3(DAI, asset, daiOut, 3000);

        uint256 owe = amount + premium;
        require(backToWeth > owe, "No profit from arb");
        uint256 leftover = backToWeth - owe;

        // repay
        IERC20(asset).approve(address(POOL), owe);
        lastTradeTimestamp = block.timestamp;

        emit FlashloanExecuted(asset, amount, premium, leftover);
        return true;
    }

    // ============= Internal Uniswap V3 single swap =============
    function swapUniswapV3(address tokenIn, address tokenOut, uint256 amountIn, uint24 fee)
        internal
        returns (uint256)
    {
        require(tokenIn != address(0) && tokenOut != address(0), "Invalid tokenIn/out");
        require(amountIn > 0, "swap amount=0");

        IERC20(tokenIn).approve(UNISWAP_V3ROUTER, amountIn);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn,
            tokenOut: tokenOut,
            fee: fee,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amountIn,
            amountOutMinimum: 1,  // For actual safety, use a real minOut
            sqrtPriceLimitX96: 0
        });

        uint256 out = ISwapRouter(UNISWAP_V3ROUTER).exactInputSingle(params);
        return out;
    }

    // ============= On-chain "checkProfitability" with multi-tier Quoter =============
    /**
     * We attempt multiple fee tiers (500, 3000, 10000) to see which yields best finalOut 
     * for (WETH -> token -> WETH). Then do slippage & gas cost checks.
     */
    function checkProfitability(address token, uint256 amountIn)
        public
        returns (uint256)
    {
        require(token != address(0), "Invalid token");
        require(amountIn > 0, "amountIn=0");

        // We'll try 3 common V3 fee tiers
        uint24[3] memory feeTiers = [uint24(500), uint24(3000), uint24(10000)];

        uint256 bestFinalOut = 0;
        for (uint256 i = 0; i < feeTiers.length; i++) {
            uint24 buyFee = feeTiers[i];
            // step 1: WETH->token
            uint256 out1 = IQuoter(UNISWAP_V3QUOTER).quoteExactInputSingle(
                WETH,
                token,
                buyFee,
                amountIn,
                0
            );
            if (out1 == 0) continue;

            // Then for the second leg, we might try multiple fee tiers as well.
            // For simplicity, let's re-use the same tier, or try all again. 
            // We'll do the same tier to keep code short.
            uint256 out2 = IQuoter(UNISWAP_V3QUOTER).quoteExactInputSingle(
                token,
                WETH,
                buyFee,
                out1,
                0
            );
            if (out2 > bestFinalOut) {
                bestFinalOut = out2;
            }
        }

        if (bestFinalOut == 0) return 0;

        // Slippage
        uint256 finalOut = bestFinalOut - ((bestFinalOut * slippageTolerance) / 10_000);

        // approximate gas cost
        uint256 gasCost = approximateGasUsage() * tx.gasprice;

        if (finalOut > (amountIn + gasCost)) {
            return finalOut - (amountIn + gasCost);
        } else {
            return 0;
        }
    }

    function approximateGasUsage() internal pure returns (uint256) {
        return 500000; // guess
    }

    // ============= Multi-Sig with Delay =============
    function requestWithdrawal(uint256 amount) external onlyOwner {
        require(amount > 0, "amount=0");
        require(amount <= address(this).balance, "Not enough ETH in contract");

        uint256 requestId = withdrawalRequestCount++;
        WithdrawalRequest storage w = withdrawalRequests[requestId];
        w.amount = amount;
        w.timestamp = block.timestamp;
        w.completed = false;

        emit WithdrawalRequested(requestId, amount);
    }

    function approveWithdrawal(uint256 requestId) external onlyApprover {
        require(requestId < withdrawalRequestCount, "Invalid requestId");
        WithdrawalRequest storage w = withdrawalRequests[requestId];
        require(!w.completed, "Already completed");
        require(!w.voted[msg.sender], "Already voted");
        require(block.timestamp >= w.timestamp + withdrawalDelay, "Delay not met");

        w.voted[msg.sender] = true;
        w.approvals++;

        emit WithdrawalApproved(requestId, msg.sender);

        // threshold
        if (w.approvals >= (approvers.length / 2) + 1) {
            _processWithdrawal(requestId);
        }
    }

    function _processWithdrawal(uint256 requestId) internal nonReentrant {
        WithdrawalRequest storage w = withdrawalRequests[requestId];
        require(!w.completed, "Already processed");
        require(w.amount <= address(this).balance, "Insufficient balance");

        uint256 amt = w.amount;
        w.completed = true;
        w.amount = 0;

        payable(owner).transfer(amt);
        emit WithdrawalCompleted(requestId, amt);
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (security/ReentrancyGuard.sol)

pragma solidity ^0.8.0;

/**
 * @dev Contract module that helps prevent reentrant calls to a function.
 *
 * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
 * available, which can be applied to functions to make sure there are no nested
 * (reentrant) calls to them.
 *
 * Note that because there is a single `nonReentrant` guard, functions marked as
 * `nonReentrant` may not call one another. This can be worked around by making
 * those functions `private`, and then adding `external` `nonReentrant` entry
 * points to them.
 *
 * TIP: If you would like to learn more about reentrancy and alternative ways
 * to protect against it, check out our blog post
 * https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
 */
abstract contract ReentrancyGuard {
    // Booleans are more expensive than uint256 or any type that takes up a full
    // word because each write operation emits an extra SLOAD to first read the
    // slot's contents, replace the bits taken up by the boolean, and then write
    // back. This is the compiler's defense against contract upgrades and
    // pointer aliasing, and it cannot be disabled.

    // The values being non-zero value makes deployment a bit more expensive,
    // but in exchange the refund on every call to nonReentrant will be lower in
    // amount. Since refunds are capped to a percentage of the total
    // transaction's gas, it is best to keep them low in cases like this one, to
    // increase the likelihood of the full refund coming into effect.
    uint256 private constant _NOT_ENTERED = 1;
    uint256 private constant _ENTERED = 2;

    uint256 private _status;

    constructor() {
        _status = _NOT_ENTERED;
    }

    /**
     * @dev Prevents a contract from calling itself, directly or indirectly.
     * Calling a `nonReentrant` function from another `nonReentrant`
     * function is not supported. It is possible to prevent this from happening
     * by making the `nonReentrant` function external, and making it call a
     * `private` function that does the actual work.
     */
    modifier nonReentrant() {
        _nonReentrantBefore();
        _;
        _nonReentrantAfter();
    }

    function _nonReentrantBefore() private {
        // On the first call to nonReentrant, _status will be _NOT_ENTERED
        require(_status != _ENTERED, "ReentrancyGuard: reentrant call");

        // Any calls to nonReentrant after this point will fail
        _status = _ENTERED;
    }

    function _nonReentrantAfter() private {
        // By storing the original value once again, a refund is triggered (see
        // https://eips.ethereum.org/EIPS/eip-2200)
        _status = _NOT_ENTERED;
    }

    /**
     * @dev Returns true if the reentrancy guard is currently set to "entered", which indicates there is a
     * `nonReentrant` function in the call stack.
     */
    function _reentrancyGuardEntered() internal view returns (bool) {
        return _status == _ENTERED;
    }
}

{
  "compilationTarget": {
    "FlashloanArbBot.sol": "FlashloanArbBot"
  },
  "evmVersion": "cancun",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "ipfs"
  },
  "optimizer": {
    "enabled": true,
    "runs": 200
  },
  "remappings": []
}