// SPDX-License-Identifier: MIT
// Copyright 2023 Proof Holdings Inc.
pragma solidity >=0.8.19;

import {IEntropyOracle, IEntropyOracleEvents} from "./IEntropyOracle.sol";
import {AccessControlEnumerable} from "ethier/utils/AccessControlEnumerable.sol";
import {ECDSA} from "openzeppelin-contracts/utils/cryptography/ECDSA.sol";

/**
 * @notice Returns the digest that the oracle is expected to sign for a given block's entropy. The keccak256 of this
 * (deterministic) signature is the block entropy. The security level of the entropy is therefore inherited from the
 * security level of the signature.
 */
function blockDigest(uint256 blockNumber) view returns (bytes32) {
    return ECDSA.toEthSignedMessageHash(abi.encode(blockNumber, block.chainid));
}

/**
 * @notice Allows for specific addresses to request entropy from an external source in a verifiable manner.
 * @dev Entropy requests emit events that can be used for automatic fulfilment.
 * @dev Limitation: the oracle is a centralised entity that can look ahead to future entropy should it choose to; it
 * MUST therefore be trusted by all parties that wish to protect against entropy snooping. In practice, this usually
 * means a contract owner protecting against malicious users, but not vice versa.
 */
contract EntropyOracle is IEntropyOracle, AccessControlEnumerable {
    /**
     * @notice Entropy MUST NOT be *provided* for the current nor future blocks.
     */
    error NonHistoricalBlock(uint256 blockNumber);

    /**
     * @notice The signature for the provided entropy was not provided by the oracle.
     */
    error InvalidEntropySignature();

    /**
     * @notice Entropy has already been provided for the specified block.
     */
    error EntropyAlreadyProvided(uint256 blockNumber);

    /**
     * @notice Defines the addresses allowed to request entropy.
     */
    bytes32 public constant ENTROPY_REQUESTER_ROLE = keccak256("ENTROPY_REQUESTER_ROLE");

    /**
     * @notice The address of the oracle providing entropy.
     */
    address public signer;

    /**
     * @notice Provided entropy.
     * @dev Value of 0 indicates that entropy has been neither requested nor provided; value of 1 indicates that it has
     * been requested but not yet provided.
     */
    mapping(uint256 => bytes32) private _blockEntropy;

    constructor(address admin, address steerer) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(DEFAULT_STEERING_ROLE, steerer);
        _setRoleAdmin(ENTROPY_REQUESTER_ROLE, DEFAULT_STEERING_ROLE);
    }

    /**
     * @inheritdoc IEntropyOracle
     */
    function requestEntropy() public {
        requestEntropy(block.number);
    }

    /**
     * @inheritdoc IEntropyOracle
     */
    function requestEntropy(uint256 blockNumber) public onlyRole(ENTROPY_REQUESTER_ROLE) {
        if (_blockEntropy[blockNumber] == 0) {
            emit EntropyRequested(blockNumber);
            _blockEntropy[blockNumber] = bytes32(uint256(1));
        }
    }

    /**
     * @notice Input argument to provideEntropy() for specifying multiple blocks in a single call.
     */
    struct EntropyFulfilment {
        uint256 blockNumber;
        bytes signature;
    }

    /**
     * @notice Fulfil a request for entropy. The block MUST be historical.
     * @dev Entropy MAY be provided for a block even if it wasn't explicitly requested.
     */
    function provideEntropy(EntropyFulfilment calldata entropy) external virtual {
        _provideEntropy(entropy);
    }

    function _provideEntropy(EntropyFulfilment calldata entropy) internal returns (bytes32) {
        uint256 blockNumber = entropy.blockNumber;
        if (blockNumber >= block.number) {
            revert NonHistoricalBlock(blockNumber);
        }
        if (ECDSA.recover(blockDigest(blockNumber), entropy.signature) != signer) {
            revert InvalidEntropySignature();
        }
        if (blockEntropy(blockNumber) != 0) {
            revert EntropyAlreadyProvided(blockNumber);
        }

        bytes32 hashed = keccak256(entropy.signature);
        _blockEntropy[blockNumber] = hashed;
        emit EntropyProvided(blockNumber, hashed);
        return hashed;
    }

    /**
     * @notice Fulfil multiple requests for entropy.
     * @dev Equivalent to multiple calls to the single-block equivalent of provideEntropy().
     */
    function provideEntropy(EntropyFulfilment[] calldata entropy) external virtual {
        for (uint256 i = 0; i < entropy.length; ++i) {
            _provideEntropy(entropy[i]);
        }
    }

    /**
     * @inheritdoc IEntropyOracle
     */
    function blockEntropy(uint256 blockNumber) public view virtual returns (bytes32) {
        bytes32 entropy = _blockEntropy[blockNumber];
        if (uint256(entropy) > 1) {
            return entropy;
        }
        return 0;
    }

    /**
     * @notice Updates the oracle's signing address.
     */
    function setSigner(address signer_) external onlyRole(DEFAULT_STEERING_ROLE) {
        signer = signer_;
    }
}

// SPDX-License-Identifier: MIT
// Copyright 2023 Proof Holdings Inc.
pragma solidity >=0.8.19;

import {EntropyOracle} from "./EntropyOracle.sol";
import {IEntropyOracle} from "./IEntropyOracle.sol";
import {IEntropyOracleV2, IEntropyOracleV2Events, IEntropyConsumer} from "./IEntropyOracleV2.sol";
import {Address} from "openzeppelin-contracts/utils/Address.sol";
import {EnumerableSet} from "openzeppelin-contracts/utils/structs/EnumerableSet.sol";

contract EntropyOracleV2 is EntropyOracle, IEntropyOracleV2, IEntropyOracleV2Events {
    using Address for address;
    using EnumerableSet for EnumerableSet.Bytes32Set;

    /**
     * @notice Callbacks MUST NOT be triggered for a block if entropy is not yet set.
     */
    error EntropyNotAvailable(uint256 blockNumber);

    /**
     * @notice Thrown if removeCallback() is called on a non-existent callback.
     */
    error CallbackNotRegistered(address consumer, uint96 callbackId, uint256 blockNumber);

    /**
     * @notice IEntropyConsumer contracts to be triggered when entropy is provided for a block, keyed by block number.
     */
    mapping(uint256 => EnumerableSet.Bytes32Set) private _callbacks;

    /**
     * @notice V1 EntropyOracle from which entropy is sourced if this contract doesn't have it available.
     */
    IEntropyOracle public v1Override;

    constructor(address admin, address steerer) EntropyOracle(admin, steerer) {}

    /**
     * @inheritdoc IEntropyOracleV2
     */
    function requestEntropyWithCallback() external {
        requestEntropyWithCallback(block.number, 0);
    }

    /**
     * @inheritdoc IEntropyOracleV2
     */
    function requestEntropyWithCallback(uint256 blockNumber, uint96 callbackId) public {
        bytes32 entropy = blockEntropy(blockNumber);
        if (uint256(entropy) != 0) {
            IEntropyConsumer(msg.sender).consumeEntropy(blockNumber, callbackId, entropy);
        } else {
            EntropyOracle.requestEntropy(blockNumber);
            // We don't perform any check of msg.sender compatibility because this is handled in provideEntropy. Even if
            // we were to use, for example, supportsInterface, this provides no guarantee that the callback doesn't
            // fail.
            _callbacks[blockNumber].add(_packCallback(msg.sender, callbackId));
        }
    }

    /**
     * @notice Returns the number of callbacks registered for the block.
     */
    function numCallbacks(uint256 blockNumber) external view returns (uint256) {
        return _callbacks[blockNumber].length();
    }

    /**
     * @notice Returns the i'th callback registered for the block.
     */
    function callback(uint256 blockNumber, uint256 i) external view returns (address, uint96) {
        return _unpackCallback(_callbacks[blockNumber].at(i));
    }

    /**
     * @notice Returns whether the consumer has requested a callback with the specified ID and block number.
     */
    function isCallbackRegistered(address consumer, uint96 callbackId, uint256 blockNumber)
        external
        view
        returns (bool)
    {
        return _callbacks[blockNumber].contains(_packCallback(consumer, callbackId));
    }

    /**
     * @notice Packs a callback address and ID into a bytes32.
     */
    function _packCallback(address addr, uint96 id) internal pure returns (bytes32) {
        return bytes32(uint256(uint160(addr)) << 96 | (id & type(uint96).max));
    }

    /**
     * @notice Reverses _packCallback().
     */
    function _unpackCallback(bytes32 packed) internal pure returns (address consumer, uint96 id) {
        consumer = address(uint160(uint256(packed) >> 96));
        id = uint96(uint256(packed));
    }

    /**
     * @notice Fulfil a request for entropy. The block MUST be historical.
     * @dev Entropy MAY be provided for a block even if it wasn't explicitly requested.
     * @dev This will result in callback functions of requesters being executed, up to maxCallbacks. To trigger
     * remaining callbacks, call triggerCallbacks().
     */
    function provideEntropy(EntropyFulfilment calldata entropy, uint256 maxCallbacks) public virtual {
        bytes32 hashed = EntropyOracle._provideEntropy(entropy);
        _triggerCallbacks(entropy.blockNumber, hashed, maxCallbacks);
    }

    /**
     * @notice Equivalent to provideEntropy(entropy, 2^256-1).
     */
    function provideEntropy(EntropyFulfilment calldata entropy) external virtual override {
        provideEntropy(entropy, type(uint256).max);
    }

    /**
     * @inheritdoc EntropyOracle
     */
    function provideEntropy(EntropyFulfilment[] calldata entropy) external virtual override {
        // TODO(arran) add an option to provide multiple blocks with maxCallbacksPerBlock.
        for (uint256 i = 0; i < entropy.length; ++i) {
            provideEntropy(entropy[i], type(uint256).max);
        }
    }

    /**
     * @notice Removes a specific consumer from the block so it isn't called by provideEntropy() nor triggerCallbacks().
     */
    function removeCallback(address consumer, uint96 callbackId, uint256 blockNumber)
        external
        onlyRole(DEFAULT_STEERING_ROLE)
    {
        EnumerableSet.Bytes32Set storage callbacks = _callbacks[blockNumber];
        bytes32 packed = _packCallback(consumer, callbackId);
        if (!callbacks.contains(packed)) {
            revert CallbackNotRegistered(consumer, callbackId, blockNumber);
        }
        _callbacks[blockNumber].remove(packed);
    }

    /**
     * @notice Triggers callbacks for a blockNumber i.f.f. respective entropy has already been provided.
     * @dev If a callback reverts during a call to provideEntropy() it fails gracefully with only an event emitted. This
     * function allows for it to be retried.
     * @dev Triggering of callbacks is idempotent, whether caused by a call to provideEntropy() or triggerCallbacks(),
     * as long as the callback is successful.
     */
    function triggerCallbacks(uint256 blockNumber, uint256 max) external {
        bytes32 entropy = blockEntropy(blockNumber);
        if (uint256(entropy) == 0) revert EntropyNotAvailable(blockNumber);
        _triggerCallbacks(blockNumber, entropy, max);
    }

    /**
     * @dev Assumes that entropy is already set for the blockNumber, which is the responsibility of the calling
     * function. provideEntropy() calls this after setting, and triggerCallbacks() reverts if not set.
     */
    function _triggerCallbacks(uint256 blockNumber, bytes32 entropy, uint256 max) internal {
        EnumerableSet.Bytes32Set storage callbacks = _callbacks[blockNumber];
        uint256 n = callbacks.length();
        if (n > max) {
            n = max;
        }
        bytes32[] memory successful = new bytes32[](n);
        uint256 cursor;

        for (uint256 i = 0; i < n; ++i) {
            bytes32 packed = callbacks.at(i);
            (address consumer, uint96 id) = _unpackCallback(packed);

            bytes memory data =
                abi.encodeWithSelector(IEntropyConsumer.consumeEntropy.selector, blockNumber, id, entropy);
            (bool ok, bytes memory reason) = consumer.call(data);
            if (ok) {
                successful[cursor++] = packed;
            } else {
                emit CallbackFailed(blockNumber, consumer, reason);
            }
        }

        while (cursor > 0) {
            callbacks.remove(successful[--cursor]);
        }
    }

    /**
     * @notice Returns the entropy value for the block number. If a non-zero v1Override address is set and it has
     * entropy available for the block, said entropy is returned.
     * @dev Not all blocks will have entropy available; check that the returned value is non-zero.
     */
    function blockEntropy(uint256 blockNumber)
        public
        view
        virtual
        override(EntropyOracle, IEntropyOracle)
        returns (bytes32)
    {
        if (address(v1Override) != address(0)) {
            bytes32 entropy = v1Override.blockEntropy(blockNumber);
            if (uint256(entropy) != 0) {
                return entropy;
            }
        }
        return EntropyOracle.blockEntropy(blockNumber);
    }

    /**
     * @notice Sets the address of the override EntropyOracle (v1) contract from which entropy is preferentially sourced
     * if available.
     */
    function setOverride(IEntropyOracle v1) external onlyRole(DEFAULT_STEERING_ROLE) {
        v1Override = v1;
    }
}

// SPDX-License-Identifier: MIT
// Copyright 2023 Proof Holdings Inc.
pragma solidity ^0.8.0;

interface IEntropyOracleEvents {
    /**
     * @notice Emitted when entropy is requested, to signal the oracle.
     */
    event EntropyRequested(uint256 indexed blockNumber);

    /**
     * @notice Emitted when an entropy request is fulfilled.
     */
    event EntropyProvided(uint256 indexed blockNumber, bytes32 entropy);
}

interface IEntropyOracle is IEntropyOracleEvents {
    /**
     * @notice Equivalent to requestEntropy(block.number). This is safe as the request will only be fulfilled once the
     * block is mined.
     */
    function requestEntropy() external;

    /**
     * @notice Signal to the oracle that entropy is requested for the specified block. The request will only be
     * fulfilled once the block is mined.
     * @dev NOTE that this must be used with care. If a historical block is requested, the entropy may be known by a bad
     * actor. It is only safe to request entropy for a historical block i.f.f. said block was commited to before it was
     * mined.
     */
    function requestEntropy(uint256 blockNumber) external;

    /**
     * @notice Entropy values, keyed by block number.
     * @dev Not all blocks will have entropy available; check that the returned value is non-zero.
     */
    function blockEntropy(uint256) external view returns (bytes32);
}

// SPDX-License-Identifier: MIT
// Copyright 2023 Proof Holdings Inc.
pragma solidity ^0.8.0;

import {IEntropyOracle} from "./IEntropyOracle.sol";

/**
 * @notice Contracts that call IEntropyOracleV2.requestEntropyWithCallback(…) MUST implement IEntropyConsumer to be
 * notified of entropy provision.
 */
interface IEntropyConsumer {
    function consumeEntropy(uint256 blockNumber, uint96 callbackId, bytes32 entropy) external;
}

interface IEntropyOracleV2Events {
    /**
     * @notice Emitted when entropy is provided and the callback of an IEntropyConsumer reverts.
     */
    event CallbackFailed(uint256 indexed blockNumber, address indexed consumer, bytes reason);
}

/**
 * @dev There are deliberately no request options with only callbackId or only block number as these risk confusion that
 * may not be picked up by the compiler should constants be used.
 */
interface IEntropyOracleV2 is IEntropyOracle {
    /**
     * @notice Equivalent to requestEntropyWithCallback(block.number, 0). This is safe as the request will only be
     * fulfilled once the block is mined.
     */
    function requestEntropyWithCallback() external;

    /**
     * @notice Equivalent to requestEntropy(blockNumber) with an additional request for callback when the block's
     * entropy is provided.
     * @dev The requesting contract MUST implement IEntropyConsumer to receive the callback.
     * @dev Multiple calls with the same ID and block number, made before the block entropy is set, are deduplicated
     * such that this function is idempotent. Calls made after entropy is set for the block trigger the callback
     * in the same call stack and are not deduplicated.
     */
    function requestEntropyWithCallback(uint256 blockNumber, uint96 callbackId) external;
}

{
  "compilationTarget": {
    "EntropyOracleV2.sol": "EntropyOracleV2"
  },
  "evmVersion": "london",
  "libraries": {},
  "metadata": {
    "bytecodeHash": "ipfs"
  },
  "optimizer": {
    "enabled": true,
    "runs": 99999
  },
  "remappings": [
    ":@divergencetech/ethier/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/ethier_0-54-0/",
    ":@openzeppelin/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/openzeppelin-contracts_4-8-1/",
    ":ds-test/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/ds-test_013e6c64/src/",
    ":ds-test_root/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/ds-test_013e6c64/",
    ":ethier/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/ethier_0-54-0/contracts/",
    ":ethier_root/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/ethier_0-54-0/",
    ":forge-std/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/forge-std_1-4-0/src/",
    ":openzeppelin-contracts/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/openzeppelin-contracts_4-8-1/contracts/",
    ":openzeppelin-contracts/contracts/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/openzeppelin-contracts_4-8-1/contracts/",
    ":openzeppelin-contracts_root/=/home/dave/.cache/bazel/_bazel_dave/b9a57168317213f9241a484d2ee2d038/external/openzeppelin-contracts_4-8-1/",
    ":proof/constants/=/home/dave/proof/proof-seller/contracts/constants/src/"
  ]
}