// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (access/AccessControl.sol)

pragma solidity ^0.8.0;

import "./IAccessControlUpgradeable.sol";
import "../utils/ContextUpgradeable.sol";
import "../utils/StringsUpgradeable.sol";
import "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Contract module that allows children to implement role-based access
 * control mechanisms. This is a lightweight version that doesn't allow enumerating role
 * members except through off-chain means by accessing the contract event logs. Some
 * applications may benefit from on-chain enumerability, for those cases see
 * {AccessControlEnumerable}.
 *
 * Roles are referred to by their `bytes32` identifier. These should be exposed
 * in the external API and be unique. The best way to achieve this is by
 * using `public constant` hash digests:
 *
 * ```solidity
 * bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
 * ```
 *
 * Roles can be used to represent a set of permissions. To restrict access to a
 * function call, use {hasRole}:
 *
 * ```solidity
 * function foo() public {
 *     require(hasRole(MY_ROLE, msg.sender));
 *     ...
 * }
 * ```
 *
 * Roles can be granted and revoked dynamically via the {grantRole} and
 * {revokeRole} functions. Each role has an associated admin role, and only
 * accounts that have a role's admin role can call {grantRole} and {revokeRole}.
 *
 * By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
 * that only accounts with this role will be able to grant or revoke other
 * roles. More complex role relationships can be created by using
 * {_setRoleAdmin}.
 *
 * WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
 * grant and revoke this role. Extra precautions should be taken to secure
 * accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
 * to enforce additional security measures for this role.
 */
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControlUpgradeable, ERC165Upgradeable {
    struct RoleData {
        mapping(address => bool) members;
        bytes32 adminRole;
    }

    mapping(bytes32 => RoleData) private _roles;

    bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;

    /**
     * @dev Modifier that checks that an account has a specific role. Reverts
     * with a standardized message including the required role.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     *
     * _Available since v4.1._
     */
    modifier onlyRole(bytes32 role) {
        _checkRole(role);
        _;
    }

    function __AccessControl_init() internal onlyInitializing {
    }

    function __AccessControl_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev See {IERC165-supportsInterface}.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IAccessControlUpgradeable).interfaceId || super.supportsInterface(interfaceId);
    }

    /**
     * @dev Returns `true` if `account` has been granted `role`.
     */
    function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
        return _roles[role].members[account];
    }

    /**
     * @dev Revert with a standard message if `_msgSender()` is missing `role`.
     * Overriding this function changes the behavior of the {onlyRole} modifier.
     *
     * Format of the revert message is described in {_checkRole}.
     *
     * _Available since v4.6._
     */
    function _checkRole(bytes32 role) internal view virtual {
        _checkRole(role, _msgSender());
    }

    /**
     * @dev Revert with a standard message if `account` is missing `role`.
     *
     * The format of the revert reason is given by the following regular expression:
     *
     *  /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
     */
    function _checkRole(bytes32 role, address account) internal view virtual {
        if (!hasRole(role, account)) {
            revert(
                string(
                    abi.encodePacked(
                        "AccessControl: account ",
                        StringsUpgradeable.toHexString(account),
                        " is missing role ",
                        StringsUpgradeable.toHexString(uint256(role), 32)
                    )
                )
            );
        }
    }

    /**
     * @dev Returns the admin role that controls `role`. See {grantRole} and
     * {revokeRole}.
     *
     * To change a role's admin, use {_setRoleAdmin}.
     */
    function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
        return _roles[role].adminRole;
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleGranted} event.
     */
    function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _grantRole(role, account);
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * If `account` had been granted `role`, emits a {RoleRevoked} event.
     *
     * Requirements:
     *
     * - the caller must have ``role``'s admin role.
     *
     * May emit a {RoleRevoked} event.
     */
    function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
        _revokeRole(role, account);
    }

    /**
     * @dev Revokes `role` from the calling account.
     *
     * Roles are often managed via {grantRole} and {revokeRole}: this function's
     * purpose is to provide a mechanism for accounts to lose their privileges
     * if they are compromised (such as when a trusted device is misplaced).
     *
     * If the calling account had been revoked `role`, emits a {RoleRevoked}
     * event.
     *
     * Requirements:
     *
     * - the caller must be `account`.
     *
     * May emit a {RoleRevoked} event.
     */
    function renounceRole(bytes32 role, address account) public virtual override {
        require(account == _msgSender(), "AccessControl: can only renounce roles for self");

        _revokeRole(role, account);
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * If `account` had not been already granted `role`, emits a {RoleGranted}
     * event. Note that unlike {grantRole}, this function doesn't perform any
     * checks on the calling account.
     *
     * May emit a {RoleGranted} event.
     *
     * [WARNING]
     * ====
     * This function should only be called from the constructor when setting
     * up the initial roles for the system.
     *
     * Using this function in any other way is effectively circumventing the admin
     * system imposed by {AccessControl}.
     * ====
     *
     * NOTE: This function is deprecated in favor of {_grantRole}.
     */
    function _setupRole(bytes32 role, address account) internal virtual {
        _grantRole(role, account);
    }

    /**
     * @dev Sets `adminRole` as ``role``'s admin role.
     *
     * Emits a {RoleAdminChanged} event.
     */
    function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
        bytes32 previousAdminRole = getRoleAdmin(role);
        _roles[role].adminRole = adminRole;
        emit RoleAdminChanged(role, previousAdminRole, adminRole);
    }

    /**
     * @dev Grants `role` to `account`.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleGranted} event.
     */
    function _grantRole(bytes32 role, address account) internal virtual {
        if (!hasRole(role, account)) {
            _roles[role].members[account] = true;
            emit RoleGranted(role, account, _msgSender());
        }
    }

    /**
     * @dev Revokes `role` from `account`.
     *
     * Internal function without access restriction.
     *
     * May emit a {RoleRevoked} event.
     */
    function _revokeRole(bytes32 role, address account) internal virtual {
        if (hasRole(role, account)) {
            _roles[role].members[account] = false;
            emit RoleRevoked(role, account, _msgSender());
        }
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[49] private __gap;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library Address {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     *
     * Furthermore, `isContract` will also return true if the target contract within
     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
     * which only has an effect at the end of a transaction.
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/Address.sol)

pragma solidity ^0.8.1;

/**
 * @dev Collection of functions related to the address type
 */
library AddressUpgradeable {
    /**
     * @dev Returns true if `account` is a contract.
     *
     * [IMPORTANT]
     * ====
     * It is unsafe to assume that an address for which this function returns
     * false is an externally-owned account (EOA) and not a contract.
     *
     * Among others, `isContract` will return false for the following
     * types of addresses:
     *
     *  - an externally-owned account
     *  - a contract in construction
     *  - an address where a contract will be created
     *  - an address where a contract lived, but was destroyed
     *
     * Furthermore, `isContract` will also return true if the target contract within
     * the same transaction is already scheduled for destruction by `SELFDESTRUCT`,
     * which only has an effect at the end of a transaction.
     * ====
     *
     * [IMPORTANT]
     * ====
     * You shouldn't rely on `isContract` to protect against flash loan attacks!
     *
     * Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
     * like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
     * constructor.
     * ====
     */
    function isContract(address account) internal view returns (bool) {
        // This method relies on extcodesize/address.code.length, which returns 0
        // for contracts in construction, since the code is only stored at the end
        // of the constructor execution.

        return account.code.length > 0;
    }

    /**
     * @dev Replacement for Solidity's `transfer`: sends `amount` wei to
     * `recipient`, forwarding all available gas and reverting on errors.
     *
     * https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
     * of certain opcodes, possibly making contracts go over the 2300 gas limit
     * imposed by `transfer`, making them unable to receive funds via
     * `transfer`. {sendValue} removes this limitation.
     *
     * https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/[Learn more].
     *
     * IMPORTANT: because control is transferred to `recipient`, care must be
     * taken to not create reentrancy vulnerabilities. Consider using
     * {ReentrancyGuard} or the
     * https://solidity.readthedocs.io/en/v0.8.0/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
     */
    function sendValue(address payable recipient, uint256 amount) internal {
        require(address(this).balance >= amount, "Address: insufficient balance");

        (bool success, ) = recipient.call{value: amount}("");
        require(success, "Address: unable to send value, recipient may have reverted");
    }

    /**
     * @dev Performs a Solidity function call using a low level `call`. A
     * plain `call` is an unsafe replacement for a function call: use this
     * function instead.
     *
     * If `target` reverts with a revert reason, it is bubbled up by this
     * function (like regular Solidity function calls).
     *
     * Returns the raw returned data. To convert to the expected return value,
     * use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
     *
     * Requirements:
     *
     * - `target` must be a contract.
     * - calling `target` with `data` must not revert.
     *
     * _Available since v3.1._
     */
    function functionCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, "Address: low-level call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
     * `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        return functionCallWithValue(target, data, 0, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but also transferring `value` wei to `target`.
     *
     * Requirements:
     *
     * - the calling contract must have an ETH balance of at least `value`.
     * - the called Solidity function must be `payable`.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(address target, bytes memory data, uint256 value) internal returns (bytes memory) {
        return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
    }

    /**
     * @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
     * with `errorMessage` as a fallback revert reason when `target` reverts.
     *
     * _Available since v3.1._
     */
    function functionCallWithValue(
        address target,
        bytes memory data,
        uint256 value,
        string memory errorMessage
    ) internal returns (bytes memory) {
        require(address(this).balance >= value, "Address: insufficient balance for call");
        (bool success, bytes memory returndata) = target.call{value: value}(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
        return functionStaticCall(target, data, "Address: low-level static call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a static call.
     *
     * _Available since v3.3._
     */
    function functionStaticCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        (bool success, bytes memory returndata) = target.staticcall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
        return functionDelegateCall(target, data, "Address: low-level delegate call failed");
    }

    /**
     * @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
     * but performing a delegate call.
     *
     * _Available since v3.4._
     */
    function functionDelegateCall(
        address target,
        bytes memory data,
        string memory errorMessage
    ) internal returns (bytes memory) {
        (bool success, bytes memory returndata) = target.delegatecall(data);
        return verifyCallResultFromTarget(target, success, returndata, errorMessage);
    }

    /**
     * @dev Tool to verify that a low level call to smart-contract was successful, and revert (either by bubbling
     * the revert reason or using the provided one) in case of unsuccessful call or if target was not a contract.
     *
     * _Available since v4.8._
     */
    function verifyCallResultFromTarget(
        address target,
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal view returns (bytes memory) {
        if (success) {
            if (returndata.length == 0) {
                // only check isContract if the call was successful and the return data is empty
                // otherwise we already know that it was a contract
                require(isContract(target), "Address: call to non-contract");
            }
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    /**
     * @dev Tool to verify that a low level call was successful, and revert if it wasn't, either by bubbling the
     * revert reason or using the provided one.
     *
     * _Available since v4.3._
     */
    function verifyCallResult(
        bool success,
        bytes memory returndata,
        string memory errorMessage
    ) internal pure returns (bytes memory) {
        if (success) {
            return returndata;
        } else {
            _revert(returndata, errorMessage);
        }
    }

    function _revert(bytes memory returndata, string memory errorMessage) private pure {
        // Look for revert reason and bubble it up if present
        if (returndata.length > 0) {
            // The easiest way to bubble the revert reason is using memory via assembly
            /// @solidity memory-safe-assembly
            assembly {
                let returndata_size := mload(returndata)
                revert(add(32, returndata), returndata_size)
            }
        } else {
            revert(errorMessage);
        }
    }
}

// SPDX-License-Identifier: UNLICENSED
pragma solidity 0.8.20;

library BytesHelperLib {
  error OffsetOutOfBounds();

  function bytesToAddress(bytes calldata data, uint256 offset) internal pure returns (address output) {
    bytes memory b = data[offset:offset + 20];
    assembly {
      output := mload(add(b, 20))
    }
  }

  function bytesMemoryToAddress(bytes memory data, uint256 offset) internal pure returns (address output) {
    assembly {
      output := mload(add(add(data, offset), 32))
    }
  }

  function bytesToUint32(bytes calldata data, uint256 offset) internal pure returns (uint32 output) {
    bytes memory b = data[offset:offset + 4];
    assembly {
      output := mload(add(b, 4))
    }
  }

  function addressToBytes(address someAddress) internal pure returns (bytes32) {
    return bytes32(uint256(uint160(someAddress)));
  }

  function bytesToBech32Bytes(bytes calldata data, uint256 offset) internal pure returns (bytes memory) {
    bytes memory bech32Bytes = new bytes(42);
    for (uint i = 0; i < 42; i++) {
      bech32Bytes[i] = data[i + offset];
    }

    return bech32Bytes;
  }

  function bytesToBool(bytes calldata data, uint256 offset) internal pure returns (bool) {
    if (offset >= data.length) {
      revert OffsetOutOfBounds();
    }
    return uint8(data[offset]) != 0;
  }
}

// SPDX-License-Identifier: Unlicense
/*
 * @title Solidity Bytes Arrays Utils
 * @author Gonçalo Sá <goncalo.sa@consensys.net>
 *
 * @dev Bytes tightly packed arrays utility library for ethereum contracts written in Solidity.
 *      The library lets you concatenate, slice and type cast bytes arrays both in memory and storage.
 */
pragma solidity >=0.8.0 <0.9.0;

library BytesLib {
    function concat(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bytes memory) {
        bytes memory tempBytes;

        assembly {
            // Get a location of some free memory and store it in tempBytes as
            // Solidity does for memory variables.
            tempBytes := mload(0x40)

            // Store the length of the first bytes array at the beginning of
            // the memory for tempBytes.
            let length := mload(_preBytes)
            mstore(tempBytes, length)

            // Maintain a memory counter for the current write location in the
            // temp bytes array by adding the 32 bytes for the array length to
            // the starting location.
            let mc := add(tempBytes, 0x20)
            // Stop copying when the memory counter reaches the length of the
            // first bytes array.
            let end := add(mc, length)

            for {
                // Initialize a copy counter to the start of the _preBytes data,
                // 32 bytes into its memory.
                let cc := add(_preBytes, 0x20)
            } lt(mc, end) {
                // Increase both counters by 32 bytes each iteration.
                mc := add(mc, 0x20)
                cc := add(cc, 0x20)
            } {
                // Write the _preBytes data into the tempBytes memory 32 bytes
                // at a time.
                mstore(mc, mload(cc))
            }

            // Add the length of _postBytes to the current length of tempBytes
            // and store it as the new length in the first 32 bytes of the
            // tempBytes memory.
            length := mload(_postBytes)
            mstore(tempBytes, add(length, mload(tempBytes)))

            // Move the memory counter back from a multiple of 0x20 to the
            // actual end of the _preBytes data.
            mc := end
            // Stop copying when the memory counter reaches the new combined
            // length of the arrays.
            end := add(mc, length)

            for {
                let cc := add(_postBytes, 0x20)
            } lt(mc, end) {
                mc := add(mc, 0x20)
                cc := add(cc, 0x20)
            } {
                mstore(mc, mload(cc))
            }

            // Update the free-memory pointer by padding our last write location
            // to 32 bytes: add 31 bytes to the end of tempBytes to move to the
            // next 32 byte block, then round down to the nearest multiple of
            // 32. If the sum of the length of the two arrays is zero then add
            // one before rounding down to leave a blank 32 bytes (the length block with 0).
            mstore(
                0x40,
                and(
                    add(add(end, iszero(add(length, mload(_preBytes)))), 31),
                    not(31) // Round down to the nearest 32 bytes.
                )
            )
        }

        return tempBytes;
    }

    function concatStorage(bytes storage _preBytes, bytes memory _postBytes) internal {
        assembly {
            // Read the first 32 bytes of _preBytes storage, which is the length
            // of the array. (We don't need to use the offset into the slot
            // because arrays use the entire slot.)
            let fslot := sload(_preBytes.slot)
            // Arrays of 31 bytes or less have an even value in their slot,
            // while longer arrays have an odd value. The actual length is
            // the slot divided by two for odd values, and the lowest order
            // byte divided by two for even values.
            // If the slot is even, bitwise and the slot with 255 and divide by
            // two to get the length. If the slot is odd, bitwise and the slot
            // with -1 and divide by two.
            let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
            let mlength := mload(_postBytes)
            let newlength := add(slength, mlength)
            // slength can contain both the length and contents of the array
            // if length < 32 bytes so let's prepare for that
            // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage
            switch add(lt(slength, 32), lt(newlength, 32))
            case 2 {
                // Since the new array still fits in the slot, we just need to
                // update the contents of the slot.
                // uint256(bytes_storage) = uint256(bytes_storage) + uint256(bytes_memory) + new_length
                sstore(
                    _preBytes.slot,
                    // all the modifications to the slot are inside this
                    // next block
                    add(
                        // we can just add to the slot contents because the
                        // bytes we want to change are the LSBs
                        fslot,
                        add(
                            mul(
                                div(
                                    // load the bytes from memory
                                    mload(add(_postBytes, 0x20)),
                                    // zero all bytes to the right
                                    exp(0x100, sub(32, mlength))
                                ),
                                // and now shift left the number of bytes to
                                // leave space for the length in the slot
                                exp(0x100, sub(32, newlength))
                            ),
                            // increase length by the double of the memory
                            // bytes length
                            mul(mlength, 2)
                        )
                    )
                )
            }
            case 1 {
                // The stored value fits in the slot, but the combined value
                // will exceed it.
                // get the keccak hash to get the contents of the array
                mstore(0x0, _preBytes.slot)
                let sc := add(keccak256(0x0, 0x20), div(slength, 32))

                // save new length
                sstore(_preBytes.slot, add(mul(newlength, 2), 1))

                // The contents of the _postBytes array start 32 bytes into
                // the structure. Our first read should obtain the `submod`
                // bytes that can fit into the unused space in the last word
                // of the stored array. To get this, we read 32 bytes starting
                // from `submod`, so the data we read overlaps with the array
                // contents by `submod` bytes. Masking the lowest-order
                // `submod` bytes allows us to add that value directly to the
                // stored value.

                let submod := sub(32, slength)
                let mc := add(_postBytes, submod)
                let end := add(_postBytes, mlength)
                let mask := sub(exp(0x100, submod), 1)

                sstore(
                    sc,
                    add(
                        and(fslot, 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00),
                        and(mload(mc), mask)
                    )
                )

                for {
                    mc := add(mc, 0x20)
                    sc := add(sc, 1)
                } lt(mc, end) {
                    sc := add(sc, 1)
                    mc := add(mc, 0x20)
                } {
                    sstore(sc, mload(mc))
                }

                mask := exp(0x100, sub(mc, end))

                sstore(sc, mul(div(mload(mc), mask), mask))
            }
            default {
                // get the keccak hash to get the contents of the array
                mstore(0x0, _preBytes.slot)
                // Start copying to the last used word of the stored array.
                let sc := add(keccak256(0x0, 0x20), div(slength, 32))

                // save new length
                sstore(_preBytes.slot, add(mul(newlength, 2), 1))

                // Copy over the first `submod` bytes of the new data as in
                // case 1 above.
                let slengthmod := mod(slength, 32)
                // solhint-disable-next-line no-unused-vars
                let mlengthmod := mod(mlength, 32)
                let submod := sub(32, slengthmod)
                let mc := add(_postBytes, submod)
                let end := add(_postBytes, mlength)
                let mask := sub(exp(0x100, submod), 1)

                sstore(sc, add(sload(sc), and(mload(mc), mask)))

                for {
                    sc := add(sc, 1)
                    mc := add(mc, 0x20)
                } lt(mc, end) {
                    sc := add(sc, 1)
                    mc := add(mc, 0x20)
                } {
                    sstore(sc, mload(mc))
                }

                mask := exp(0x100, sub(mc, end))

                sstore(sc, mul(div(mload(mc), mask), mask))
            }
        }
    }

    function slice(bytes memory _bytes, uint256 _start, uint256 _length) internal pure returns (bytes memory) {
        require(_length + 31 >= _length, "slice_overflow");
        require(_bytes.length >= _start + _length, "slice_outOfBounds");

        bytes memory tempBytes;

        assembly {
            switch iszero(_length)
            case 0 {
                // Get a location of some free memory and store it in tempBytes as
                // Solidity does for memory variables.
                tempBytes := mload(0x40)

                // The first word of the slice result is potentially a partial
                // word read from the original array. To read it, we calculate
                // the length of that partial word and start copying that many
                // bytes into the array. The first word we copy will start with
                // data we don't care about, but the last `lengthmod` bytes will
                // land at the beginning of the contents of the new array. When
                // we're done copying, we overwrite the full first word with
                // the actual length of the slice.
                let lengthmod := and(_length, 31)

                // The multiplication in the next line is necessary
                // because when slicing multiples of 32 bytes (lengthmod == 0)
                // the following copy loop was copying the origin's length
                // and then ending prematurely not copying everything it should.
                let mc := add(add(tempBytes, lengthmod), mul(0x20, iszero(lengthmod)))
                let end := add(mc, _length)

                for {
                    // The multiplication in the next line has the same exact purpose
                    // as the one above.
                    let cc := add(add(add(_bytes, lengthmod), mul(0x20, iszero(lengthmod))), _start)
                } lt(mc, end) {
                    mc := add(mc, 0x20)
                    cc := add(cc, 0x20)
                } {
                    mstore(mc, mload(cc))
                }

                mstore(tempBytes, _length)

                //update free-memory pointer
                //allocating the array padded to 32 bytes like the compiler does now
                mstore(0x40, and(add(mc, 31), not(31)))
            }
            //if we want a zero-length slice let's just return a zero-length array
            default {
                tempBytes := mload(0x40)
                //zero out the 32 bytes slice we are about to return
                //we need to do it because Solidity does not garbage collect
                mstore(tempBytes, 0)

                mstore(0x40, add(tempBytes, 0x20))
            }
        }

        return tempBytes;
    }

    function toAddress(bytes memory _bytes, uint256 _start) internal pure returns (address) {
        require(_bytes.length >= _start + 20, "toAddress_outOfBounds");
        address tempAddress;

        assembly {
            tempAddress := div(mload(add(add(_bytes, 0x20), _start)), 0x1000000000000000000000000)
        }

        return tempAddress;
    }

    function toUint8(bytes memory _bytes, uint256 _start) internal pure returns (uint8) {
        require(_bytes.length >= _start + 1, "toUint8_outOfBounds");
        uint8 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x1), _start))
        }

        return tempUint;
    }

    function toUint16(bytes memory _bytes, uint256 _start) internal pure returns (uint16) {
        require(_bytes.length >= _start + 2, "toUint16_outOfBounds");
        uint16 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x2), _start))
        }

        return tempUint;
    }

    function toUint32(bytes memory _bytes, uint256 _start) internal pure returns (uint32) {
        require(_bytes.length >= _start + 4, "toUint32_outOfBounds");
        uint32 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x4), _start))
        }

        return tempUint;
    }

    function toUint64(bytes memory _bytes, uint256 _start) internal pure returns (uint64) {
        require(_bytes.length >= _start + 8, "toUint64_outOfBounds");
        uint64 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x8), _start))
        }

        return tempUint;
    }

    function toUint96(bytes memory _bytes, uint256 _start) internal pure returns (uint96) {
        require(_bytes.length >= _start + 12, "toUint96_outOfBounds");
        uint96 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0xc), _start))
        }

        return tempUint;
    }

    function toUint128(bytes memory _bytes, uint256 _start) internal pure returns (uint128) {
        require(_bytes.length >= _start + 16, "toUint128_outOfBounds");
        uint128 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x10), _start))
        }

        return tempUint;
    }

    function toUint256(bytes memory _bytes, uint256 _start) internal pure returns (uint256) {
        require(_bytes.length >= _start + 32, "toUint256_outOfBounds");
        uint256 tempUint;

        assembly {
            tempUint := mload(add(add(_bytes, 0x20), _start))
        }

        return tempUint;
    }

    function toBytes32(bytes memory _bytes, uint256 _start) internal pure returns (bytes32) {
        require(_bytes.length >= _start + 32, "toBytes32_outOfBounds");
        bytes32 tempBytes32;

        assembly {
            tempBytes32 := mload(add(add(_bytes, 0x20), _start))
        }

        return tempBytes32;
    }

    function equal(bytes memory _preBytes, bytes memory _postBytes) internal pure returns (bool) {
        bool success = true;

        assembly {
            let length := mload(_preBytes)

            // if lengths don't match the arrays are not equal
            switch eq(length, mload(_postBytes))
            case 1 {
                // cb is a circuit breaker in the for loop since there's
                //  no said feature for inline assembly loops
                // cb = 1 - don't breaker
                // cb = 0 - break
                let cb := 1

                let mc := add(_preBytes, 0x20)
                let end := add(mc, length)

                for {
                    let cc := add(_postBytes, 0x20)
                } // while(uint256(mc < end) + cb == 2) // the next line is the loop condition:
                eq(add(lt(mc, end), cb), 2) {
                    mc := add(mc, 0x20)
                    cc := add(cc, 0x20)
                } {
                    // if any of these checks fails then arrays are not equal
                    if iszero(eq(mload(mc), mload(cc))) {
                        // unsuccess:
                        success := 0
                        cb := 0
                    }
                }
            }
            default {
                // unsuccess:
                success := 0
            }
        }

        return success;
    }

    function equalStorage(bytes storage _preBytes, bytes memory _postBytes) internal view returns (bool) {
        bool success = true;

        assembly {
            // we know _preBytes_offset is 0
            let fslot := sload(_preBytes.slot)
            // Decode the length of the stored array like in concatStorage().
            let slength := div(and(fslot, sub(mul(0x100, iszero(and(fslot, 1))), 1)), 2)
            let mlength := mload(_postBytes)

            // if lengths don't match the arrays are not equal
            switch eq(slength, mlength)
            case 1 {
                // slength can contain both the length and contents of the array
                // if length < 32 bytes so let's prepare for that
                // v. http://solidity.readthedocs.io/en/latest/miscellaneous.html#layout-of-state-variables-in-storage
                if iszero(iszero(slength)) {
                    switch lt(slength, 32)
                    case 1 {
                        // blank the last byte which is the length
                        fslot := mul(div(fslot, 0x100), 0x100)

                        if iszero(eq(fslot, mload(add(_postBytes, 0x20)))) {
                            // unsuccess:
                            success := 0
                        }
                    }
                    default {
                        // cb is a circuit breaker in the for loop since there's
                        //  no said feature for inline assembly loops
                        // cb = 1 - don't breaker
                        // cb = 0 - break
                        let cb := 1

                        // get the keccak hash to get the contents of the array
                        mstore(0x0, _preBytes.slot)
                        let sc := keccak256(0x0, 0x20)

                        let mc := add(_postBytes, 0x20)
                        let end := add(mc, mlength)

                        // the next line is the loop condition:
                        // while(uint256(mc < end) + cb == 2)
                        // solhint-disable-next-line no-empty-blocks
                        for {

                        } eq(add(lt(mc, end), cb), 2) {
                            sc := add(sc, 1)
                            mc := add(mc, 0x20)
                        } {
                            if iszero(eq(sload(sc), mload(mc))) {
                                // unsuccess:
                                success := 0
                                cb := 0
                            }
                        }
                    }
                }
            }
            default {
                // unsuccess:
                success := 0
            }
        }

        return success;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)

pragma solidity ^0.8.0;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.4) (utils/Context.sol)

pragma solidity ^0.8.0;
import {Initializable} from "../proxy/utils/Initializable.sol";

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract ContextUpgradeable is Initializable {
    function __Context_init() internal onlyInitializing {
    }

    function __Context_init_unchained() internal onlyInitializing {
    }
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[50] private __gap;
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol';
import '@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol';
import '@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol';
import '../permissions/Pausable.sol';
import '../libraries/EIP1271SignatureUtils.sol';
import './DelegationManagerStorage.sol';

/**
 * @title DelegationManager
 * @notice  This is the contract for delegation in Pell. The main functionalities of this contract are
 * - enabling anyone to register as an operator in Pell
 * - allowing operators to specify parameters related to stakers who delegate to them
 * - enabling any staker to delegate its stake to the operator of its choice (a given staker can only delegate to a single operator at a time)
 * - enabling a staker to undelegate its assets from the operator it is delegated to (performed as part of the withdrawal process, initiated through the StrategyManager)
 */
contract DelegationManager is Initializable, OwnableUpgradeable, Pausable, DelegationManagerStorage, ReentrancyGuardUpgradeable {
  // @dev Index for flag that pauses new delegations when set
  uint8 internal constant PAUSED_NEW_DELEGATION = 0;

  // @dev Index for flag that pauses queuing new withdrawals when set.
  uint8 internal constant PAUSED_ENTER_WITHDRAWAL_QUEUE = 1;

  // @dev Index for flag that pauses completing existing withdrawals when set.
  uint8 internal constant PAUSED_EXIT_WITHDRAWAL_QUEUE = 2;

  // @dev Chain ID at the time of contract deployment
  uint256 internal immutable ORIGINAL_CHAIN_ID;

  // @dev Maximum Value for `stakerOptOutWindow`. Approximately equivalent to 6 months.
  uint256 public constant MAX_STAKER_OPT_OUT_WINDOW = 180 days;

  // @notice Simple permission for functions that are only callable by the StrategyManager contract
  modifier onlyStrategyManager() {
    require(msg.sender == address(strategyManager), 'DelegationManager: onlyStrategyManager');
    _;
  }

  /*******************************************************************************
                            INITIALIZING FUNCTIONS
    *******************************************************************************/

  /**
   * @dev Initializes the immutable addresses of the strategy mananger and slasher.
   */
  constructor(IStrategyManager _strategyManager, ISlasher _slasher) DelegationManagerStorage(_strategyManager, _slasher) {
    _disableInitializers();
    ORIGINAL_CHAIN_ID = block.chainid;
  }

  /**
   * @dev Initializes the addresses of the initial owner, pauser registry, and paused status.
   * minWithdrawalDelay is set only once here
   */
  function initialize(
    address initialOwner,
    IPauserRegistry _pauserRegistry,
    uint256 initialPausedStatus,
    uint256 _minWithdrawalDelay,
    IStrategy[] calldata _strategies,
    uint256[] calldata _withdrawalDelay
  ) external initializer {
    _initializePauser(_pauserRegistry, initialPausedStatus);
    _DOMAIN_SEPARATOR = _calculateDomainSeparator();
    _transferOwnership(initialOwner);
    _setMinWithdrawalDelay(_minWithdrawalDelay);
    _setStrategyWithdrawalDelay(_strategies, _withdrawalDelay);
  }

  /*******************************************************************************
                            EXTERNAL FUNCTIONS 
    *******************************************************************************/

  /**
   * @notice Registers the caller as an operator in Pell.
   * @param registeringOperatorDetails is the `OperatorDetails` for the operator.
   * @param metadataURI is a URI for the operator's metadata, i.e. a link providing more details on the operator.
   *
   * @dev Once an operator is registered, they cannot 'deregister' as an operator, and they will forever be considered "delegated to themself".
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   * @dev Note that the `metadataURI` is *never stored * and is only emitted in the `OperatorMetadataURIUpdated` event
   */
  function registerAsOperator(OperatorDetails calldata registeringOperatorDetails, string calldata metadataURI) external {
    require(
      _operatorDetails[msg.sender].earningsReceiver == address(0),
      'DelegationManager.registerAsOperator: operator has already registered'
    );
    _setOperatorDetails(msg.sender, registeringOperatorDetails);
    SignatureWithExpiry memory emptySignatureAndExpiry;
    // delegate from the operator to themselves
    _delegate(msg.sender, msg.sender, emptySignatureAndExpiry, bytes32(0));
    // emit events
    emit OperatorRegistered(msg.sender, registeringOperatorDetails);
    emit OperatorMetadataURIUpdated(msg.sender, metadataURI);
  }

  /**
   * @notice Updates an operator's stored `OperatorDetails`.
   * @param newOperatorDetails is the updated `OperatorDetails` for the operator, to replace their current OperatorDetails`.
   *
   * @dev The caller must have previously registered as an operator in Pell.
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   */
  function modifyOperatorDetails(OperatorDetails calldata newOperatorDetails) external {
    require(isOperator(msg.sender), 'DelegationManager.modifyOperatorDetails: caller must be an operator');
    _setOperatorDetails(msg.sender, newOperatorDetails);
  }

  /**
   * @notice Called by an operator to emit an `OperatorMetadataURIUpdated` event indicating the information has updated.
   * @param metadataURI The URI for metadata associated with an operator
   */
  function updateOperatorMetadataURI(string calldata metadataURI) external {
    require(isOperator(msg.sender), 'DelegationManager.updateOperatorMetadataURI: caller must be an operator');
    emit OperatorMetadataURIUpdated(msg.sender, metadataURI);
  }

  /**
   * @notice Caller delegates their stake to an operator.
   * @param operator The account (`msg.sender`) is delegating its assets to for use in serving applications built on Pell.
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt A unique single use value tied to an individual signature.
   * @dev The approverSignatureAndExpiry is used in the event that:
   *          1) the operator's `delegationApprover` address is set to a non-zero value.
   *                  AND
   *          2) neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator
   *             or their delegationApprover is the `msg.sender`, then approval is assumed.
   * @dev In the event that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateTo(address operator, SignatureWithExpiry memory approverSignatureAndExpiry, bytes32 approverSalt) external {
    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(msg.sender, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * @notice Caller delegates a staker's stake to an operator with valid signatures from both parties.
   * @param staker The account delegating stake to an `operator` account
   * @param operator The account (`staker`) is delegating its assets to for use in serving applications built on Pell.
   * @param stakerSignatureAndExpiry Signed data from the staker authorizing delegating stake to an operator
   * @param approverSignatureAndExpiry is a parameter that will be used for verifying that the operator approves of this delegation action in the event that:
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   *
   * @dev If `staker` is an EOA, then `stakerSignature` is verified to be a valid ECDSA stakerSignature from `staker`, indicating their intention for this action.
   * @dev If `staker` is a contract, then `stakerSignature` will be checked according to EIP-1271.
   * @dev the operator's `delegationApprover` address is set to a non-zero value.
   * @dev neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator or their delegationApprover
   * is the `msg.sender`, then approval is assumed.
   * @dev This function will revert if the current `block.timestamp` is equal to or exceeds the expiry
   * @dev In the case that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateToBySignature(
    address staker,
    address operator,
    SignatureWithExpiry memory stakerSignatureAndExpiry,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) external {
    // check the signature expiry
    require(stakerSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager.delegateToBySignature: staker signature expired');

    // calculate the digest hash, then increment `staker`'s nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    bytes32 stakerDigestHash = calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, stakerSignatureAndExpiry.expiry);
    unchecked {
      stakerNonce[staker] = currentStakerNonce + 1;
    }

    // actually check that the signature is valid
    EIP1271SignatureUtils.checkSignature_EIP1271(staker, stakerDigestHash, stakerSignatureAndExpiry.signature);

    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(staker, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * Allows the staker, the staker's operator, or that operator's delegationApprover to undelegate
   * a staker from their operator. Undelegation immediately removes ALL active shares/strategies from
   * both the staker and operator, and places the shares and strategies in the withdrawal queue
   */
  function undelegate(address staker) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory withdrawalRoots) {
    require(isDelegated(staker), 'DelegationManager.undelegate: staker must be delegated to undelegate');
    require(!isOperator(staker), 'DelegationManager.undelegate: operators cannot be undelegated');
    require(staker != address(0), 'DelegationManager.undelegate: cannot undelegate zero address');
    address operator = delegatedTo[staker];
    require(
      msg.sender == staker || msg.sender == operator || msg.sender == _operatorDetails[operator].delegationApprover,
      'DelegationManager.undelegate: caller cannot undelegate staker'
    );

    // Gather strategies and shares to remove from staker/operator during undelegation
    // Undelegation removes ALL currently-active strategies and shares
    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    // emit an event if this action was not initiated by the staker themselves
    if (msg.sender != staker) {
      emit StakerForceUndelegated(staker, operator);
    }

    // undelegate the staker
    emit StakerUndelegated(staker, operator);
    delegatedTo[staker] = address(0);

    // if no delegatable shares, return an empty array, and don't queue a withdrawal
    if (strategies.length == 0) {
      withdrawalRoots = new bytes32[](0);
    } else {
      withdrawalRoots = new bytes32[](strategies.length);
      for (uint256 i = 0; i < strategies.length; i++) {
        IStrategy[] memory singleStrategy = new IStrategy[](1);
        uint256[] memory singleShare = new uint256[](1);
        singleStrategy[0] = strategies[i];
        singleShare[0] = shares[i];

        withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
          staker: staker,
          operator: operator,
          withdrawer: staker,
          strategies: singleStrategy,
          shares: singleShare
        });
      }
    }

    return withdrawalRoots;
  }

  /**
   * Allows a staker to withdraw some shares. Withdrawn shares/strategies are immediately removed
   * from the staker. If the staker is delegated, withdrawn shares/strategies are also removed from
   * their operator.
   *
   * All withdrawn shares/strategies are placed in a queue and can be fully withdrawn after a delay.
   */
  function queueWithdrawals(
    QueuedWithdrawalParams[] calldata queuedWithdrawalParams
  ) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory) {
    bytes32[] memory withdrawalRoots = new bytes32[](queuedWithdrawalParams.length);
    address operator = delegatedTo[msg.sender];

    for (uint256 i = 0; i < queuedWithdrawalParams.length; i++) {
      require(
        queuedWithdrawalParams[i].strategies.length == queuedWithdrawalParams[i].shares.length,
        'DelegationManager.queueWithdrawal: input length mismatch'
      );
      require(queuedWithdrawalParams[i].withdrawer == msg.sender, 'DelegationManager.queueWithdrawal: withdrawer must be staker');

      // Remove shares from staker's strategies and place strategies/shares in queue.
      // If the staker is delegated to an operator, the operator's delegated shares are also reduced
      // NOTE: This will fail if the staker doesn't have the shares implied by the input parameters
      withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
        staker: msg.sender,
        operator: operator,
        withdrawer: queuedWithdrawalParams[i].withdrawer,
        strategies: queuedWithdrawalParams[i].strategies,
        shares: queuedWithdrawalParams[i].shares
      });
    }
    return withdrawalRoots;
  }

  /**
   * @notice Used to complete the specified `withdrawal`. The caller must match `withdrawal.withdrawer`
   * @param withdrawal The Withdrawal to complete.
   * @param tokens Array in which the i-th entry specifies the `token` input to the 'withdraw' function of the i-th Strategy in the `withdrawal.strategies` array.
   * This input can be provided with zero length if `receiveAsTokens` is set to 'false' (since in that case, this input will be unused)
   * @param middlewareTimesIndex is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * @param receiveAsTokens If true, the shares specified in the withdrawal will be withdrawn from the specified strategies themselves
   * and sent to the caller, through calls to `withdrawal.strategies[i].withdraw`. If false, then the shares in the specified strategies
   * will simply be transferred to the caller directly.
   * @dev middlewareTimesIndex is unused, but will be used in the Slasher eventually
   * @dev beaconChainETHStrategy shares are non-transferrable, so if `receiveAsTokens = false` and `withdrawal.withdrawer != withdrawal.staker`, note that
   * any beaconChainETHStrategy shares in the `withdrawal` will be _returned to the staker_, rather than transferred to the withdrawer, unlike shares in
   * any other strategies, which will be transferred to the withdrawer.
   */
  function completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 middlewareTimesIndex,
    bool receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    _completeQueuedWithdrawal(withdrawal, tokens, middlewareTimesIndex, receiveAsTokens);
  }

  /**
   * @notice Array-ified version of `completeQueuedWithdrawal`.
   * Used to complete the specified `withdrawals`. The function caller must match `withdrawals[...].withdrawer`
   * @param withdrawals The Withdrawals to complete.
   * @param tokens Array of tokens for each Withdrawal. See `completeQueuedWithdrawal` for the usage of a single array.
   * @param middlewareTimesIndexes One index to reference per Withdrawal. See `completeQueuedWithdrawal` for the usage of a single index.
   * @param receiveAsTokens Whether or not to complete each withdrawal as tokens. See `completeQueuedWithdrawal` for the usage of a single boolean.
   * @dev See `completeQueuedWithdrawal` for relevant dev tags
   */
  function completeQueuedWithdrawals(
    Withdrawal[] calldata withdrawals,
    IERC20[][] calldata tokens,
    uint256[] calldata middlewareTimesIndexes,
    bool[] calldata receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    for (uint256 i = 0; i < withdrawals.length; ++i) {
      _completeQueuedWithdrawal(withdrawals[i], tokens[i], middlewareTimesIndexes[i], receiveAsTokens[i]);
    }
  }

  /**
   * @notice Increases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to increase the delegated shares.
   * @param shares The number of shares to increase.
   *
   * @dev *If the staker is actively delegated*, then increases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager.
   */
  function increaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // add strategy shares to delegate's shares
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Decreases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to decrease the delegated shares.
   * @param shares The number of shares to decrease.
   *
   * @dev *If the staker is actively delegated*, then decreases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager or EigenPodManager.
   */
  function decreaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // subtract strategy shares from delegate's shares
      _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Owner-only function for modifying the value of the `minWithdrawalDelay` variable.
   * @param newMinWithdrawalDelay new value of `minWithdrawalDelay`.
   */
  function setMinWithdrawalDelay(uint256 newMinWithdrawalDelay) external onlyOwner {
    _setMinWithdrawalDelay(newMinWithdrawalDelay);
  }

  /**
   * @notice Called by owner to set the minimum withdrawal delay for each passed in strategy
   * Note that the min cooldown to complete a withdrawal of a strategy is
   * MAX(minWithdrawalDelay, strategyWithdrawalDelay[strategy])
   * @param strategies The strategies to set the minimum withdrawal delay for
   * @param withdrawalDelay The minimum withdrawal delay to set for each strategy
   */
  function setStrategyWithdrawalDelay(IStrategy[] calldata strategies, uint256[] calldata withdrawalDelay) external onlyOwner {
    _setStrategyWithdrawalDelay(strategies, withdrawalDelay);
  }

  /*******************************************************************************
                            INTERNAL FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Sets operator parameters in the `_operatorDetails` mapping.
   * @param operator The account registered as an operator updating their operatorDetails
   * @param newOperatorDetails The new parameters for the operator
   *
   * @dev This function will revert if the operator attempts to set their `earningsReceiver` to address(0).
   */
  function _setOperatorDetails(address operator, OperatorDetails calldata newOperatorDetails) internal {
    require(
      newOperatorDetails.earningsReceiver != address(0),
      'DelegationManager._setOperatorDetails: cannot set `earningsReceiver` to zero address'
    );
    require(
      newOperatorDetails.stakerOptOutWindow <= MAX_STAKER_OPT_OUT_WINDOW,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be > MAX_STAKER_OPT_OUT_WINDOW'
    );
    require(
      newOperatorDetails.stakerOptOutWindow >= _operatorDetails[operator].stakerOptOutWindow,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be decreased'
    );
    _operatorDetails[operator] = newOperatorDetails;
    emit OperatorDetailsModified(msg.sender, newOperatorDetails);
  }

  /**
   * @notice Delegates *from* a `staker` *to* an `operator`.
   * @param staker The address to delegate *from* -- this address is delegating control of its own assets.
   * @param operator The address to delegate *to* -- this address is being given power to place the `staker`'s assets at risk on services
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   * @dev Ensures that:
   *          1) the `staker` is not already delegated to an operator
   *          2) the `operator` has indeed registered as an operator in Pell
   *          3) if applicable, that the approver signature is valid and non-expired
   */
  function _delegate(
    address staker,
    address operator,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) internal onlyWhenNotPaused(PAUSED_NEW_DELEGATION) {
    require(!isDelegated(staker), 'DelegationManager._delegate: staker is already actively delegated');
    require(isOperator(operator), 'DelegationManager._delegate: operator is not registered in Pell');

    // fetch the operator's `delegationApprover` address and store it in memory in case we need to use it multiple times
    address _delegationApprover = _operatorDetails[operator].delegationApprover;
    /**
     * Check the `_delegationApprover`'s signature, if applicable.
     * If the `_delegationApprover` is the zero address, then the operator allows all stakers to delegate to them and this verification is skipped.
     * If the `_delegationApprover` or the `operator` themselves is the caller, then approval is assumed and signature verification is skipped as well.
     */
    if (_delegationApprover != address(0) && msg.sender != _delegationApprover && msg.sender != operator) {
      // check the signature expiry
      require(approverSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager._delegate: approver signature expired');
      // check that the salt hasn't been used previously, then mark the salt as spent
      require(!delegationApproverSaltIsSpent[_delegationApprover][approverSalt], 'DelegationManager._delegate: approverSalt already spent');
      delegationApproverSaltIsSpent[_delegationApprover][approverSalt] = true;

      // calculate the digest hash
      bytes32 approverDigestHash = calculateDelegationApprovalDigestHash(
        staker,
        operator,
        _delegationApprover,
        approverSalt,
        approverSignatureAndExpiry.expiry
      );

      // actually check that the signature is valid
      EIP1271SignatureUtils.checkSignature_EIP1271(_delegationApprover, approverDigestHash, approverSignatureAndExpiry.signature);
    }

    // record the delegation relation between the staker and operator, and emit an event
    delegatedTo[staker] = operator;
    emit StakerDelegated(staker, operator);

    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    for (uint256 i = 0; i < strategies.length; ) {
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});

      unchecked {
        ++i;
      }
    }
  }

  /**
   * @dev commented-out param (middlewareTimesIndex) is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * This param is intended to be passed on to the Slasher contract, but is unused in the M2 release of these contracts, and is thus commented-out.
   */
  function _completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 /*middlewareTimesIndex*/,
    bool receiveAsTokens
  ) internal {
    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    require(pendingWithdrawals[withdrawalRoot], 'DelegationManager._completeQueuedWithdrawal: action is not in queue');

    require(
      withdrawal.startTimestamp + minWithdrawalDelay <= block.timestamp,
      'DelegationManager._completeQueuedWithdrawal: minWithdrawalDelay period has not yet passed'
    );

    require(msg.sender == withdrawal.withdrawer, 'DelegationManager._completeQueuedWithdrawal: only withdrawer can complete action');

    if (receiveAsTokens) {
      require(tokens.length == withdrawal.strategies.length, 'DelegationManager._completeQueuedWithdrawal: input length mismatch');
    }

    // Remove `withdrawalRoot` from pending roots
    delete pendingWithdrawals[withdrawalRoot];

    // Finalize action by converting shares to tokens for each strategy, or
    // by re-awarding shares in each strategy.
    if (receiveAsTokens) {
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        _withdrawSharesAsTokens({
          staker: withdrawal.staker,
          withdrawer: msg.sender,
          strategy: withdrawal.strategies[i],
          shares: withdrawal.shares[i],
          token: tokens[i]
        });
        unchecked {
          ++i;
        }
      }
      // Award shares back in StrategyManager/EigenPodManager. If withdrawer is delegated, increase the shares delegated to the operator
    } else {
      address currentOperator = delegatedTo[msg.sender];
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        strategyManager.addShares(msg.sender, tokens[i], withdrawal.strategies[i], withdrawal.shares[i]);
        // Similar to `isDelegated` logic
        if (currentOperator != address(0)) {
          _increaseOperatorShares({
            operator: currentOperator,
            // the 'staker' here is the address receiving new shares
            staker: msg.sender,
            strategy: withdrawal.strategies[i],
            shares: withdrawal.shares[i]
          });
        }

        unchecked {
          ++i;
        }
      }
    }

    emit WithdrawalCompleted(withdrawalRoot);
  }

  // @notice Increases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesIncreased` event
  function _increaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    operatorShares[operator][strategy] += shares;
    emit OperatorSharesIncreased(operator, staker, strategy, shares);
  }

  // @notice Decreases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesDecreased` event
  function _decreaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    // This will revert on underflow, so no check needed
    operatorShares[operator][strategy] -= shares;
    emit OperatorSharesDecreased(operator, staker, strategy, shares);
  }

  /**
   * @notice Removes `shares` in `strategies` from `staker` who is currently delegated to `operator` and queues a withdrawal to the `withdrawer`.
   * @dev If the `operator` is indeed an operator, then the operator's delegated shares in the `strategies` are also decreased appropriately.
   * @dev If `withdrawer` is not the same address as `staker`, then thirdPartyTransfersForbidden[strategy] must be set to false in the StrategyManager.
   */
  function _removeSharesAndQueueWithdrawal(
    address staker,
    address operator,
    address withdrawer,
    IStrategy[] memory strategies,
    uint256[] memory shares
  ) internal returns (bytes32) {
    require(staker != address(0), 'DelegationManager._removeSharesAndQueueWithdrawal: staker cannot be zero address');
    require(strategies.length != 0, 'DelegationManager._removeSharesAndQueueWithdrawal: strategies cannot be empty');

    // Remove shares from staker and operator
    // Each of these operations fail if we attempt to remove more shares than exist
    for (uint256 i = 0; i < strategies.length; ) {
      // Similar to `isDelegated` logic
      if (operator != address(0)) {
        _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});
      }

      require(
        staker == withdrawer || !strategyManager.thirdPartyTransfersForbidden(strategies[i]),
        'DelegationManager._removeSharesAndQueueWithdrawal: withdrawer must be same address as staker if thirdPartyTransfersForbidden are set'
      );
      // this call will revert if `shares[i]` exceeds the Staker's current shares in `strategies[i]`
      strategyManager.removeShares(staker, strategies[i], shares[i]);

      unchecked {
        ++i;
      }
    }

    // Create queue entry and increment withdrawal nonce
    uint256 nonce = cumulativeWithdrawalsQueued[staker];
    cumulativeWithdrawalsQueued[staker]++;

    Withdrawal memory withdrawal = Withdrawal({
      staker: staker,
      delegatedTo: operator,
      withdrawer: withdrawer,
      nonce: nonce,
      startTimestamp: uint32(block.timestamp),
      strategies: strategies,
      shares: shares
    });

    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    // Place withdrawal in queue
    pendingWithdrawals[withdrawalRoot] = true;

    emit WithdrawalQueued(withdrawalRoot, withdrawal);
    return withdrawalRoot;
  }

  /**
   * @notice Withdraws `shares` in `strategy` to `withdrawer`. Call is ultimately forwarded to the `strategy` with info on the `token`.
   */
  function _withdrawSharesAsTokens(address staker, address withdrawer, IStrategy strategy, uint256 shares, IERC20 token) internal {
    strategyManager.withdrawSharesAsTokens(withdrawer, strategy, shares, token);
  }

  function _setMinWithdrawalDelay(uint256 _minWithdrawalDelay) internal {
    require(
      _minWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
      'DelegationManager._setMinWithdrawalDelay: _minWithdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
    );
    emit MinWithdrawalDelaySet(minWithdrawalDelay, _minWithdrawalDelay);
    minWithdrawalDelay = _minWithdrawalDelay;
  }

  /**
   * @notice Sets the withdrawal delay for each strategy in `_strategies` to `_withdrawalDelay`.
   * gets called when initializing contract or by calling `setStrategyWithdrawalDelay`
   */
  function _setStrategyWithdrawalDelay(IStrategy[] calldata _strategies, uint256[] calldata _withdrawalDelay) internal {
    require(_strategies.length == _withdrawalDelay.length, 'DelegationManager._setStrategyWithdrawalDelay: input length mismatch');
    uint256 numStrats = _strategies.length;
    for (uint256 i = 0; i < numStrats; ++i) {
      IStrategy strategy = _strategies[i];
      uint256 prevStrategyWithdrawalDelay = strategyWithdrawalDelay[strategy];
      uint256 newStrategyWithdrawalDelay = _withdrawalDelay[i];
      require(
        newStrategyWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
        'DelegationManager._setStrategyWithdrawalDelay: _withdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
      );

      // set the new withdrawal delay
      strategyWithdrawalDelay[strategy] = newStrategyWithdrawalDelay;
      emit StrategyWithdrawalDelaySet(strategy, prevStrategyWithdrawalDelay, newStrategyWithdrawalDelay);
    }
  }

  /*******************************************************************************
                            VIEW FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Getter function for the current EIP-712 domain separator for this contract.
   *
   * @dev The domain separator will change in the event of a fork that changes the ChainID.
   * @dev By introducing a domain separator the DApp developers are guaranteed that there can be no signature collision.
   * for more detailed information please read EIP-712.
   */
  function domainSeparator() public view returns (bytes32) {
    if (block.chainid == ORIGINAL_CHAIN_ID) {
      return _DOMAIN_SEPARATOR;
    } else {
      return _calculateDomainSeparator();
    }
  }

  /**
   * @notice Returns 'true' if `staker` *is* actively delegated, and 'false' otherwise.
   */
  function isDelegated(address staker) public view returns (bool) {
    return (delegatedTo[staker] != address(0));
  }

  /**
   * @notice Returns true is an operator has previously registered for delegation.
   */
  function isOperator(address operator) public view returns (bool) {
    return (_operatorDetails[operator].earningsReceiver != address(0));
  }

  /**
   * @notice Returns the OperatorDetails struct associated with an `operator`.
   */
  function operatorDetails(address operator) external view returns (OperatorDetails memory) {
    return _operatorDetails[operator];
  }

  /*
   * @notice Returns the earnings receiver address for an operator
   */
  function earningsReceiver(address operator) external view returns (address) {
    return _operatorDetails[operator].earningsReceiver;
  }

  /**
   * @notice Returns the delegationApprover account for an operator
   */
  function delegationApprover(address operator) external view returns (address) {
    return _operatorDetails[operator].delegationApprover;
  }

  /**
   * @notice Returns the stakerOptOutWindow for an operator
   */
  function stakerOptOutWindow(address operator) external view returns (uint256) {
    return _operatorDetails[operator].stakerOptOutWindow;
  }

  /// @notice Given array of strategies, returns array of shares for the operator
  function getOperatorShares(address operator, IStrategy[] memory strategies) public view returns (uint256[] memory) {
    uint256[] memory shares = new uint256[](strategies.length);
    for (uint256 i = 0; i < strategies.length; ++i) {
      shares[i] = operatorShares[operator][strategies[i]];
    }
    return shares;
  }

  /**
   * @notice Returns the number of actively-delegatable shares a staker has across all strategies.
   * @dev Returns two empty arrays in the case that the Staker has no actively-delegateable shares.
   */
  function getDelegatableShares(address staker) public view returns (IStrategy[] memory, uint256[] memory) {
    // Get currently active shares and strategies for `staker`
    (IStrategy[] memory strategyManagerStrats, uint256[] memory strategyManagerShares) = strategyManager.getDeposits(staker);
    return (strategyManagerStrats, strategyManagerShares);
  }

  /**
   * @notice Given a list of strategies, return the minimum cooldown that must pass to withdraw
   * from all the inputted strategies. Return value is >= minWithdrawalDelay as this is the global min withdrawal delay.
   * @param strategies The strategies to check withdrawal delays for
   */
  function getWithdrawalDelay(IStrategy[] calldata strategies) public view returns (uint256) {
    uint256 withdrawalDelay = minWithdrawalDelay;
    for (uint256 i = 0; i < strategies.length; ++i) {
      uint256 currWithdrawalDelay = strategyWithdrawalDelay[strategies[i]];
      if (currWithdrawalDelay > withdrawalDelay) {
        withdrawalDelay = currWithdrawalDelay;
      }
    }
    return withdrawalDelay;
  }

  /// @notice Returns the keccak256 hash of `withdrawal`.
  function calculateWithdrawalRoot(Withdrawal memory withdrawal) public pure returns (bytes32) {
    return keccak256(abi.encode(withdrawal));
  }

  /**
   * @notice Calculates the digestHash for a `staker` to sign to delegate to an `operator`
   * @param staker The signing staker
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateCurrentStakerDelegationDigestHash(address staker, address operator, uint256 expiry) external view returns (bytes32) {
    // fetch the staker's current nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    // calculate the digest hash
    return calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, expiry);
  }

  /**
   * @notice Calculates the digest hash to be signed and used in the `delegateToBySignature` function
   * @param staker The signing staker
   * @param _stakerNonce The nonce of the staker. In practice we use the staker's current nonce, stored at `stakerNonce[staker]`
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateStakerDelegationDigestHash(
    address staker,
    uint256 _stakerNonce,
    address operator,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 stakerStructHash = keccak256(abi.encode(STAKER_DELEGATION_TYPEHASH, staker, operator, _stakerNonce, expiry));
    // calculate the digest hash
    bytes32 stakerDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), stakerStructHash));
    return stakerDigestHash;
  }

  /**
   * @notice Calculates the digest hash to be signed by the operator's delegationApprove and used in the `delegateTo` and `delegateToBySignature` functions.
   * @param staker The account delegating their stake
   * @param operator The account receiving delegated stake
   * @param _delegationApprover the operator's `delegationApprover` who will be signing the delegationHash (in general)
   * @param approverSalt A unique and single use value associated with the approver signature.
   * @param expiry Time after which the approver's signature becomes invalid
   */
  function calculateDelegationApprovalDigestHash(
    address staker,
    address operator,
    address _delegationApprover,
    bytes32 approverSalt,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 approverStructHash = keccak256(
      abi.encode(DELEGATION_APPROVAL_TYPEHASH, _delegationApprover, staker, operator, approverSalt, expiry)
    );
    // calculate the digest hash
    bytes32 approverDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), approverStructHash));
    return approverDigestHash;
  }

  /**
   * @dev Recalculates the domain separator when the chainid changes due to a fork.
   */
  function _calculateDomainSeparator() internal view returns (bytes32) {
    return keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes('Pell')), block.chainid, address(this)));
  }
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '../interfaces/IStrategyManager.sol';
import '../interfaces/IDelegationManager.sol';
import '../interfaces/ISlasher.sol';

/**
 * @title Storage variables for the `DelegationManager` contract.
 * @notice This storage contract is separate from the logic to simplify the upgrade process.
 */
abstract contract DelegationManagerStorage is IDelegationManager {
  /// @notice The EIP-712 typehash for the contract's domain
  bytes32 public constant DOMAIN_TYPEHASH = keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');

  /// @notice The EIP-712 typehash for the `StakerDelegation` struct used by the contract
  bytes32 public constant STAKER_DELEGATION_TYPEHASH =
    keccak256('StakerDelegation(address staker,address operator,uint256 nonce,uint256 expiry)');

  /// @notice The EIP-712 typehash for the `DelegationApproval` struct used by the contract
  bytes32 public constant DELEGATION_APPROVAL_TYPEHASH =
    keccak256('DelegationApproval(address delegationApprover,address staker,address operator,bytes32 salt,uint256 expiry)');

  /**
   * @notice Original EIP-712 Domain separator for this contract.
   * @dev The domain separator may change in the event of a fork that modifies the ChainID.
   * Use the getter function `domainSeparator` to get the current domain separator for this contract.
   */
  bytes32 internal _DOMAIN_SEPARATOR;

  /// @notice The StrategyManager contract for Pell
  IStrategyManager public immutable strategyManager;

  /// @notice The Slasher contract for Pell
  ISlasher public immutable slasher;

  // 30 days (60 * 60 * 24 * 30 = 2,592,000)
  uint256 public constant MAX_WITHDRAWAL_DELAY = 2592000;

  /**
   * @notice returns the total number of shares in `strategy` that are delegated to `operator`.
   * @notice Mapping: operator => strategy => total number of shares in the strategy delegated to the operator.
   * @dev By design, the following invariant should hold for each Strategy:
   * (operator's shares in delegation manager) = sum (shares above zero of all stakers delegated to operator)
   * = sum (delegateable shares of all stakers delegated to the operator)
   */
  mapping(address => mapping(IStrategy => uint256)) public operatorShares;

  /**
   * @notice Mapping: operator => OperatorDetails struct
   * @dev This struct is internal with an external getter so we can return an `OperatorDetails memory` object
   */
  mapping(address => OperatorDetails) internal _operatorDetails;

  /**
   * @notice Mapping: staker => operator whom the staker is currently delegated to.
   * @dev Note that returning address(0) indicates that the staker is not actively delegated to any operator.
   */
  mapping(address => address) public delegatedTo;

  /// @notice Mapping: staker => number of signed messages (used in `delegateToBySignature`) from the staker that this contract has already checked.
  mapping(address => uint256) public stakerNonce;

  /**
   * @notice Mapping: delegationApprover => 32-byte salt => whether or not the salt has already been used by the delegationApprover.
   * @dev Salts are used in the `delegateTo` and `delegateToBySignature` functions. Note that these functions only process the delegationApprover's
   * signature + the provided salt if the operator being delegated to has specified a nonzero address as their `delegationApprover`.
   */
  mapping(address => mapping(bytes32 => bool)) public delegationApproverSaltIsSpent;

  /**
   * @notice Global minimum withdrawal delay for all strategy withdrawals.
   * In a prior Goerli release, we only had a global min withdrawal delay across all strategies.
   * In addition, we now also configure withdrawal delays on a per-strategy basis.
   * To withdraw from a strategy, max(minWithdrawalDelay, strategyWithdrawalDelay[strategy]) number of timestamp must have passed.
   * See mapping strategyWithdrawalDelay below for per-strategy withdrawal delays.
   */
  uint256 public minWithdrawalDelay;

  /// @notice Mapping: hash of withdrawal inputs, aka 'withdrawalRoot' => whether the withdrawal is pending
  mapping(bytes32 => bool) public pendingWithdrawals;

  /// @notice Mapping: staker => cumulative number of queued withdrawals they have ever initiated.
  /// @dev This only increments (doesn't decrement), and is used to help ensure that otherwise identical withdrawals have unique hashes.
  mapping(address => uint256) public cumulativeWithdrawalsQueued;

  /**
   * @notice Minimum delay enforced by this contract per Strategy for completing queued withdrawals. Measured in timestamp, and adjustable by this contract's owner,
   * up to a maximum of `MAX_WITHDRAWAL_DELAY`. Minimum value is 0 (i.e. no delay enforced).
   */
  mapping(IStrategy => uint256) public strategyWithdrawalDelay;

  constructor(IStrategyManager _strategyManager, ISlasher _slasher) {
    strategyManager = _strategyManager;
    slasher = _slasher;
  }

  /**
   * @dev This empty reserved space is put in place to allow future versions to add new
   * variables without shifting down storage in the inheritance chain.
   * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
   */
  uint256[49] private __gap;
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '../interfaces/IStrategyManager.sol';
import '../interfaces/IDelegationManager.sol';
import '../interfaces/ISlasher.sol';

/**
 * @title Storage variables for the `DelegationManager` contract.
 * @notice This storage contract is separate from the logic to simplify the upgrade process.
 */
abstract contract DelegationManagerStorageV2 is IDelegationManager {
  /// @notice The EIP-712 typehash for the contract's domain
  bytes32 public constant DOMAIN_TYPEHASH = keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');

  /// @notice The EIP-712 typehash for the `StakerDelegation` struct used by the contract
  bytes32 public constant STAKER_DELEGATION_TYPEHASH =
    keccak256('StakerDelegation(address staker,address operator,uint256 nonce,uint256 expiry)');

  /// @notice The EIP-712 typehash for the `DelegationApproval` struct used by the contract
  bytes32 public constant DELEGATION_APPROVAL_TYPEHASH =
    keccak256('DelegationApproval(address delegationApprover,address staker,address operator,bytes32 salt,uint256 expiry)');

  /**
   * @notice Original EIP-712 Domain separator for this contract.
   * @dev The domain separator may change in the event of a fork that modifies the ChainID.
   * Use the getter function `domainSeparator` to get the current domain separator for this contract.
   */
  bytes32 internal _DOMAIN_SEPARATOR;

  /// @notice The StrategyManager contract for Pell
  IStrategyManager public immutable strategyManager;

  /// @notice The Slasher contract for Pell
  ISlasher public immutable slasher;

  // 30 days (60 * 60 * 24 * 30 = 2,592,000)
  uint256 public constant MAX_WITHDRAWAL_DELAY = 2592000;

  /**
   * @notice returns the total number of shares in `strategy` that are delegated to `operator`.
   * @notice Mapping: operator => strategy => total number of shares in the strategy delegated to the operator.
   * @dev By design, the following invariant should hold for each Strategy:
   * (operator's shares in delegation manager) = sum (shares above zero of all stakers delegated to operator)
   * = sum (delegateable shares of all stakers delegated to the operator)
   */
  mapping(address => mapping(IStrategy => uint256)) public operatorShares;

  /**
   * @notice Mapping: operator => OperatorDetails struct
   * @dev This struct is internal with an external getter so we can return an `OperatorDetails memory` object
   */
  mapping(address => OperatorDetails) internal _operatorDetails;

  /**
   * @notice Mapping: staker => operator whom the staker is currently delegated to.
   * @dev Note that returning address(0) indicates that the staker is not actively delegated to any operator.
   */
  mapping(address => address) public delegatedTo;

  /// @notice Mapping: staker => number of signed messages (used in `delegateToBySignature`) from the staker that this contract has already checked.
  mapping(address => uint256) public stakerNonce;

  /**
   * @notice Mapping: delegationApprover => 32-byte salt => whether or not the salt has already been used by the delegationApprover.
   * @dev Salts are used in the `delegateTo` and `delegateToBySignature` functions. Note that these functions only process the delegationApprover's
   * signature + the provided salt if the operator being delegated to has specified a nonzero address as their `delegationApprover`.
   */
  mapping(address => mapping(bytes32 => bool)) public delegationApproverSaltIsSpent;

  /**
   * @notice Global minimum withdrawal delay for all strategy withdrawals.
   * In a prior Goerli release, we only had a global min withdrawal delay across all strategies.
   * In addition, we now also configure withdrawal delays on a per-strategy basis.
   * To withdraw from a strategy, max(minWithdrawalDelay, strategyWithdrawalDelay[strategy]) number of timestamp must have passed.
   * See mapping strategyWithdrawalDelay below for per-strategy withdrawal delays.
   */
  uint256 public minWithdrawalDelay;

  /// @notice Mapping: hash of withdrawal inputs, aka 'withdrawalRoot' => whether the withdrawal is pending
  mapping(bytes32 => bool) public pendingWithdrawals;

  /// @notice Mapping: staker => cumulative number of queued withdrawals they have ever initiated.
  /// @dev This only increments (doesn't decrement), and is used to help ensure that otherwise identical withdrawals have unique hashes.
  mapping(address => uint256) public cumulativeWithdrawalsQueued;

  /**
   * @notice Minimum delay enforced by this contract per Strategy for completing queued withdrawals. Measured in timestamp, and adjustable by this contract's owner,
   * up to a maximum of `MAX_WITHDRAWAL_DELAY`. Minimum value is 0 (i.e. no delay enforced).
   */
  mapping(IStrategy => uint256) public strategyWithdrawalDelay;

  /// @notice Wrapped token gateway
  address public wrappedTokenGateway;

  constructor(IStrategyManager _strategyManager, ISlasher _slasher) {
    strategyManager = _strategyManager;
    slasher = _slasher;
  }

  /**
   * @dev This empty reserved space is put in place to allow future versions to add new
   * variables without shifting down storage in the inheritance chain.
   * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
   */
  uint256[48] private __gap;
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '../interfaces/IStrategyManager.sol';
import '../interfaces/IDelegationManagerV3.sol';
import '../interfaces/ISlasher.sol';

/**
 * @title Storage variables for the `DelegationManager` contract.
 * @notice This storage contract is separate from the logic to simplify the upgrade process.
 */
abstract contract DelegationManagerStorageV3 is IDelegationManagerV3 {
  /// @notice The EIP-712 typehash for the contract's domain
  bytes32 public constant DOMAIN_TYPEHASH = keccak256('EIP712Domain(string name,uint256 chainId,address verifyingContract)');

  /// @notice The EIP-712 typehash for the `StakerDelegation` struct used by the contract
  bytes32 public constant STAKER_DELEGATION_TYPEHASH =
    keccak256('StakerDelegation(address staker,address operator,uint256 nonce,uint256 expiry)');

  /// @notice The EIP-712 typehash for the `DelegationApproval` struct used by the contract
  bytes32 public constant DELEGATION_APPROVAL_TYPEHASH =
    keccak256('DelegationApproval(address delegationApprover,address staker,address operator,bytes32 salt,uint256 expiry)');

  /**
   * @notice Original EIP-712 Domain separator for this contract.
   * @dev The domain separator may change in the event of a fork that modifies the ChainID.
   * Use the getter function `domainSeparator` to get the current domain separator for this contract.
   */
  bytes32 internal _DOMAIN_SEPARATOR;

  /// @notice The StrategyManager contract for Pell
  IStrategyManager public immutable strategyManager;

  /// @notice The Slasher contract for Pell
  ISlasher public immutable slasher;

  // 30 days (60 * 60 * 24 * 30 = 2,592,000)
  uint256 public constant MAX_WITHDRAWAL_DELAY = 2592000;

  /**
   * @notice returns the total number of shares in `strategy` that are delegated to `operator`.
   * @notice Mapping: operator => strategy => total number of shares in the strategy delegated to the operator.
   * @dev By design, the following invariant should hold for each Strategy:
   * (operator's shares in delegation manager) = sum (shares above zero of all stakers delegated to operator)
   * = sum (delegateable shares of all stakers delegated to the operator)
   */
  mapping(address => mapping(IStrategy => uint256)) public operatorShares;

  /**
   * @notice Mapping: operator => OperatorDetails struct
   * @dev This struct is internal with an external getter so we can return an `OperatorDetails memory` object
   */
  mapping(address => OperatorDetails) internal _operatorDetails;

  /**
   * @notice Mapping: staker => operator whom the staker is currently delegated to.
   * @dev Note that returning address(0) indicates that the staker is not actively delegated to any operator.
   */
  mapping(address => address) public delegatedTo;

  /// @notice Mapping: staker => number of signed messages (used in `delegateToBySignature`) from the staker that this contract has already checked.
  mapping(address => uint256) public stakerNonce;

  /**
   * @notice Mapping: delegationApprover => 32-byte salt => whether or not the salt has already been used by the delegationApprover.
   * @dev Salts are used in the `delegateTo` and `delegateToBySignature` functions. Note that these functions only process the delegationApprover's
   * signature + the provided salt if the operator being delegated to has specified a nonzero address as their `delegationApprover`.
   */
  mapping(address => mapping(bytes32 => bool)) public delegationApproverSaltIsSpent;

  /**
   * @notice Global minimum withdrawal delay for all strategy withdrawals.
   * In a prior Goerli release, we only had a global min withdrawal delay across all strategies.
   * In addition, we now also configure withdrawal delays on a per-strategy basis.
   * To withdraw from a strategy, max(minWithdrawalDelay, strategyWithdrawalDelay[strategy]) number of timestamp must have passed.
   * See mapping strategyWithdrawalDelay below for per-strategy withdrawal delays.
   */
  uint256 public minWithdrawalDelay;

  /// @notice Mapping: hash of withdrawal inputs, aka 'withdrawalRoot' => whether the withdrawal is pending
  mapping(bytes32 => bool) public pendingWithdrawals;

  /// @notice Mapping: staker => cumulative number of queued withdrawals they have ever initiated.
  /// @dev This only increments (doesn't decrement), and is used to help ensure that otherwise identical withdrawals have unique hashes.
  mapping(address => uint256) public cumulativeWithdrawalsQueued;

  /**
   * @notice Minimum delay enforced by this contract per Strategy for completing queued withdrawals. Measured in timestamp, and adjustable by this contract's owner,
   * up to a maximum of `MAX_WITHDRAWAL_DELAY`. Minimum value is 0 (i.e. no delay enforced).
   */
  mapping(IStrategy => uint256) public strategyWithdrawalDelay;

  /// @notice Wrapped token gateway
  address public wrappedTokenGateway;

  /// @notice TSS
  ITSSManager public tssManager;

  constructor(IStrategyManager _strategyManager, ISlasher _slasher) {
    strategyManager = _strategyManager;
    slasher = _slasher;
  }

  /**
   * @dev This empty reserved space is put in place to allow future versions to add new
   * variables without shifting down storage in the inheritance chain.
   * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
   */
  uint256[47] private __gap;
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol';
import '@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol';
import '@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol';
import '../permissions/Pausable.sol';
import '../libraries/EIP1271SignatureUtils.sol';
import './DelegationManagerStorageV2.sol';

/**
 * @title DelegationManager
 * @notice  This is the contract for delegation in Pell. The main functionalities of this contract are
 * - enabling anyone to register as an operator in Pell
 * - allowing operators to specify parameters related to stakers who delegate to them
 * - enabling any staker to delegate its stake to the operator of its choice (a given staker can only delegate to a single operator at a time)
 * - enabling a staker to undelegate its assets from the operator it is delegated to (performed as part of the withdrawal process, initiated through the StrategyManager)
 */
contract DelegationManagerV2 is Initializable, OwnableUpgradeable, Pausable, DelegationManagerStorageV2, ReentrancyGuardUpgradeable {
  // @dev Index for flag that pauses new delegations when set
  uint8 internal constant PAUSED_NEW_DELEGATION = 0;

  // @dev Index for flag that pauses queuing new withdrawals when set.
  uint8 internal constant PAUSED_ENTER_WITHDRAWAL_QUEUE = 1;

  // @dev Index for flag that pauses completing existing withdrawals when set.
  uint8 internal constant PAUSED_EXIT_WITHDRAWAL_QUEUE = 2;

  // @dev Chain ID at the time of contract deployment
  uint256 internal immutable ORIGINAL_CHAIN_ID;

  // @dev Maximum Value for `stakerOptOutWindow`. Approximately equivalent to 6 months.
  uint256 public constant MAX_STAKER_OPT_OUT_WINDOW = 180 days;

  // @notice Simple permission for functions that are only callable by the StrategyManager contract
  modifier onlyStrategyManager() {
    require(msg.sender == address(strategyManager), 'DelegationManager: onlyStrategyManager');
    _;
  }

  /*******************************************************************************
                            INITIALIZING FUNCTIONS
    *******************************************************************************/

  /**
   * @dev Initializes the immutable addresses of the strategy mananger and slasher.
   */
  constructor(IStrategyManager _strategyManager, ISlasher _slasher) DelegationManagerStorageV2(_strategyManager, _slasher) {
    _disableInitializers();
    ORIGINAL_CHAIN_ID = block.chainid;
  }

  /**
   * @dev Initializes the addresses of the initial owner, pauser registry, and paused status.
   * minWithdrawalDelay is set only once here
   */
  function initialize(
    address initialOwner,
    IPauserRegistry _pauserRegistry,
    uint256 initialPausedStatus,
    uint256 _minWithdrawalDelay,
    IStrategy[] calldata _strategies,
    uint256[] calldata _withdrawalDelay
  ) external initializer {
    _initializePauser(_pauserRegistry, initialPausedStatus);
    _DOMAIN_SEPARATOR = _calculateDomainSeparator();
    __ReentrancyGuard_init();
    _transferOwnership(initialOwner);
    _setMinWithdrawalDelay(_minWithdrawalDelay);
    _setStrategyWithdrawalDelay(_strategies, _withdrawalDelay);
  }

  /*******************************************************************************
                            EXTERNAL FUNCTIONS 
    *******************************************************************************/

  /**
   * @notice Registers the caller as an operator in Pell.
   * @param registeringOperatorDetails is the `OperatorDetails` for the operator.
   * @param metadataURI is a URI for the operator's metadata, i.e. a link providing more details on the operator.
   *
   * @dev Once an operator is registered, they cannot 'deregister' as an operator, and they will forever be considered "delegated to themself".
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   * @dev Note that the `metadataURI` is *never stored * and is only emitted in the `OperatorMetadataURIUpdated` event
   */
  function registerAsOperator(OperatorDetails calldata registeringOperatorDetails, string calldata metadataURI) external {
    require(
      _operatorDetails[msg.sender].earningsReceiver == address(0),
      'DelegationManager.registerAsOperator: operator has already registered'
    );
    _setOperatorDetails(msg.sender, registeringOperatorDetails);
    SignatureWithExpiry memory emptySignatureAndExpiry;
    // delegate from the operator to themselves
    _delegate(msg.sender, msg.sender, emptySignatureAndExpiry, bytes32(0));
    // emit events
    emit OperatorRegistered(msg.sender, registeringOperatorDetails);
    emit OperatorMetadataURIUpdated(msg.sender, metadataURI);
  }

  /**
   * @notice Updates an operator's stored `OperatorDetails`.
   * @param newOperatorDetails is the updated `OperatorDetails` for the operator, to replace their current OperatorDetails`.
   *
   * @dev The caller must have previously registered as an operator in Pell.
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   */
  function modifyOperatorDetails(OperatorDetails calldata newOperatorDetails) external {
    require(isOperator(msg.sender), 'DelegationManager.modifyOperatorDetails: caller must be an operator');
    _setOperatorDetails(msg.sender, newOperatorDetails);
  }

  /**
   * @notice Called by an operator to emit an `OperatorMetadataURIUpdated` event indicating the information has updated.
   * @param metadataURI The URI for metadata associated with an operator
   */
  function updateOperatorMetadataURI(string calldata metadataURI) external {
    require(isOperator(msg.sender), 'DelegationManager.updateOperatorMetadataURI: caller must be an operator');
    emit OperatorMetadataURIUpdated(msg.sender, metadataURI);
  }

  /**
   * @notice Caller delegates their stake to an operator.
   * @param operator The account (`msg.sender`) is delegating its assets to for use in serving applications built on Pell.
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt A unique single use value tied to an individual signature.
   * @dev The approverSignatureAndExpiry is used in the event that:
   *          1) the operator's `delegationApprover` address is set to a non-zero value.
   *                  AND
   *          2) neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator
   *             or their delegationApprover is the `msg.sender`, then approval is assumed.
   * @dev In the event that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateTo(address operator, SignatureWithExpiry memory approverSignatureAndExpiry, bytes32 approverSalt) external {
    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(msg.sender, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * @notice Caller delegates a staker's stake to an operator with valid signatures from both parties.
   * @param staker The account delegating stake to an `operator` account
   * @param operator The account (`staker`) is delegating its assets to for use in serving applications built on Pell.
   * @param stakerSignatureAndExpiry Signed data from the staker authorizing delegating stake to an operator
   * @param approverSignatureAndExpiry is a parameter that will be used for verifying that the operator approves of this delegation action in the event that:
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   *
   * @dev If `staker` is an EOA, then `stakerSignature` is verified to be a valid ECDSA stakerSignature from `staker`, indicating their intention for this action.
   * @dev If `staker` is a contract, then `stakerSignature` will be checked according to EIP-1271.
   * @dev the operator's `delegationApprover` address is set to a non-zero value.
   * @dev neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator or their delegationApprover
   * is the `msg.sender`, then approval is assumed.
   * @dev This function will revert if the current `block.timestamp` is equal to or exceeds the expiry
   * @dev In the case that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateToBySignature(
    address staker,
    address operator,
    SignatureWithExpiry memory stakerSignatureAndExpiry,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) external {
    // check the signature expiry
    require(stakerSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager.delegateToBySignature: staker signature expired');

    // calculate the digest hash, then increment `staker`'s nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    bytes32 stakerDigestHash = calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, stakerSignatureAndExpiry.expiry);
    unchecked {
      stakerNonce[staker] = currentStakerNonce + 1;
    }

    // actually check that the signature is valid
    EIP1271SignatureUtils.checkSignature_EIP1271(staker, stakerDigestHash, stakerSignatureAndExpiry.signature);

    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(staker, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * Allows the staker, the staker's operator, or that operator's delegationApprover to undelegate
   * a staker from their operator. Undelegation immediately removes ALL active shares/strategies from
   * both the staker and operator, and places the shares and strategies in the withdrawal queue
   */
  function undelegate(address staker) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory withdrawalRoots) {
    require(isDelegated(staker), 'DelegationManager.undelegate: staker must be delegated to undelegate');
    require(!isOperator(staker), 'DelegationManager.undelegate: operators cannot be undelegated');
    require(staker != address(0), 'DelegationManager.undelegate: cannot undelegate zero address');
    address operator = delegatedTo[staker];
    require(
      msg.sender == staker || msg.sender == operator || msg.sender == _operatorDetails[operator].delegationApprover,
      'DelegationManager.undelegate: caller cannot undelegate staker'
    );

    // Gather strategies and shares to remove from staker/operator during undelegation
    // Undelegation removes ALL currently-active strategies and shares
    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    // emit an event if this action was not initiated by the staker themselves
    if (msg.sender != staker) {
      emit StakerForceUndelegated(staker, operator);
    }

    // undelegate the staker
    emit StakerUndelegated(staker, operator);
    delegatedTo[staker] = address(0);

    // if no delegatable shares, return an empty array, and don't queue a withdrawal
    if (strategies.length == 0) {
      withdrawalRoots = new bytes32[](0);
    } else {
      withdrawalRoots = new bytes32[](strategies.length);
      for (uint256 i = 0; i < strategies.length; i++) {
        IStrategy[] memory singleStrategy = new IStrategy[](1);
        uint256[] memory singleShare = new uint256[](1);
        singleStrategy[0] = strategies[i];
        singleShare[0] = shares[i];

        withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
          staker: staker,
          operator: operator,
          withdrawer: staker,
          strategies: singleStrategy,
          shares: singleShare
        });
      }
    }

    return withdrawalRoots;
  }

  /**
   * Allows a staker to withdraw some shares. Withdrawn shares/strategies are immediately removed
   * from the staker. If the staker is delegated, withdrawn shares/strategies are also removed from
   * their operator.
   *
   * All withdrawn shares/strategies are placed in a queue and can be fully withdrawn after a delay.
   */
  function queueWithdrawals(
    QueuedWithdrawalParams[] calldata queuedWithdrawalParams
  ) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory) {
    bytes32[] memory withdrawalRoots = new bytes32[](queuedWithdrawalParams.length);
    address operator = delegatedTo[msg.sender];

    for (uint256 i = 0; i < queuedWithdrawalParams.length; i++) {
      require(
        queuedWithdrawalParams[i].strategies.length == queuedWithdrawalParams[i].shares.length,
        'DelegationManager.queueWithdrawal: input length mismatch'
      );
      require(
        queuedWithdrawalParams[i].withdrawer == msg.sender || queuedWithdrawalParams[i].withdrawer == wrappedTokenGateway,
        'DelegationManager.queueWithdrawal: withdrawer must be staker or wrapped token gateway'
      );

      // Remove shares from staker's strategies and place strategies/shares in queue.
      // If the staker is delegated to an operator, the operator's delegated shares are also reduced
      // NOTE: This will fail if the staker doesn't have the shares implied by the input parameters
      withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
        staker: msg.sender,
        operator: operator,
        withdrawer: queuedWithdrawalParams[i].withdrawer,
        strategies: queuedWithdrawalParams[i].strategies,
        shares: queuedWithdrawalParams[i].shares
      });
    }
    return withdrawalRoots;
  }

  /**
   * @notice Used to complete the specified `withdrawal`. The caller must match `withdrawal.withdrawer`
   * @param withdrawal The Withdrawal to complete.
   * @param tokens Array in which the i-th entry specifies the `token` input to the 'withdraw' function of the i-th Strategy in the `withdrawal.strategies` array.
   * This input can be provided with zero length if `receiveAsTokens` is set to 'false' (since in that case, this input will be unused)
   * @param middlewareTimesIndex is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * @param receiveAsTokens If true, the shares specified in the withdrawal will be withdrawn from the specified strategies themselves
   * and sent to the caller, through calls to `withdrawal.strategies[i].withdraw`. If false, then the shares in the specified strategies
   * will simply be transferred to the caller directly.
   * @dev middlewareTimesIndex is unused, but will be used in the Slasher eventually
   * @dev beaconChainETHStrategy shares are non-transferrable, so if `receiveAsTokens = false` and `withdrawal.withdrawer != withdrawal.staker`, note that
   * any beaconChainETHStrategy shares in the `withdrawal` will be _returned to the staker_, rather than transferred to the withdrawer, unlike shares in
   * any other strategies, which will be transferred to the withdrawer.
   */
  function completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 middlewareTimesIndex,
    bool receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    _completeQueuedWithdrawal(withdrawal, tokens, middlewareTimesIndex, receiveAsTokens);
  }

  /**
   * @notice Array-ified version of `completeQueuedWithdrawal`.
   * Used to complete the specified `withdrawals`. The function caller must match `withdrawals[...].withdrawer`
   * @param withdrawals The Withdrawals to complete.
   * @param tokens Array of tokens for each Withdrawal. See `completeQueuedWithdrawal` for the usage of a single array.
   * @param middlewareTimesIndexes One index to reference per Withdrawal. See `completeQueuedWithdrawal` for the usage of a single index.
   * @param receiveAsTokens Whether or not to complete each withdrawal as tokens. See `completeQueuedWithdrawal` for the usage of a single boolean.
   * @dev See `completeQueuedWithdrawal` for relevant dev tags
   */
  function completeQueuedWithdrawals(
    Withdrawal[] calldata withdrawals,
    IERC20[][] calldata tokens,
    uint256[] calldata middlewareTimesIndexes,
    bool[] calldata receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    for (uint256 i = 0; i < withdrawals.length; ++i) {
      _completeQueuedWithdrawal(withdrawals[i], tokens[i], middlewareTimesIndexes[i], receiveAsTokens[i]);
    }
  }

  /**
   * @notice Increases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to increase the delegated shares.
   * @param shares The number of shares to increase.
   *
   * @dev *If the staker is actively delegated*, then increases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager.
   */
  function increaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // add strategy shares to delegate's shares
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Decreases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to decrease the delegated shares.
   * @param shares The number of shares to decrease.
   *
   * @dev *If the staker is actively delegated*, then decreases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager or EigenPodManager.
   */
  function decreaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // subtract strategy shares from delegate's shares
      _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Owner-only function for modifying the value of the `minWithdrawalDelay` variable.
   * @param newMinWithdrawalDelay new value of `minWithdrawalDelay`.
   */
  function setMinWithdrawalDelay(uint256 newMinWithdrawalDelay) external onlyOwner {
    _setMinWithdrawalDelay(newMinWithdrawalDelay);
  }

  /**
   * @notice Called by owner to set the minimum withdrawal delay for each passed in strategy
   * Note that the min cooldown to complete a withdrawal of a strategy is
   * MAX(minWithdrawalDelay, strategyWithdrawalDelay[strategy])
   * @param strategies The strategies to set the minimum withdrawal delay for
   * @param withdrawalDelay The minimum withdrawal delay to set for each strategy
   */
  function setStrategyWithdrawalDelay(IStrategy[] calldata strategies, uint256[] calldata withdrawalDelay) external onlyOwner {
    _setStrategyWithdrawalDelay(strategies, withdrawalDelay);
  }

  /**
   * @notice Called by owner to update the wrapped token gateway
   * @param _newWrappedTokenGateway New wrapped token gateway address
   */
  function updateWrappedTokenGateway(address _newWrappedTokenGateway) external onlyOwner {
    emit UpdateWrappedTokenGateway(wrappedTokenGateway, _newWrappedTokenGateway);
    wrappedTokenGateway = _newWrappedTokenGateway;
  }

  /*******************************************************************************
                            INTERNAL FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Sets operator parameters in the `_operatorDetails` mapping.
   * @param operator The account registered as an operator updating their operatorDetails
   * @param newOperatorDetails The new parameters for the operator
   *
   * @dev This function will revert if the operator attempts to set their `earningsReceiver` to address(0).
   */
  function _setOperatorDetails(address operator, OperatorDetails calldata newOperatorDetails) internal {
    require(
      newOperatorDetails.earningsReceiver != address(0),
      'DelegationManager._setOperatorDetails: cannot set `earningsReceiver` to zero address'
    );
    require(
      newOperatorDetails.stakerOptOutWindow <= MAX_STAKER_OPT_OUT_WINDOW,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be > MAX_STAKER_OPT_OUT_WINDOW'
    );
    require(
      newOperatorDetails.stakerOptOutWindow >= _operatorDetails[operator].stakerOptOutWindow,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be decreased'
    );
    _operatorDetails[operator] = newOperatorDetails;
    emit OperatorDetailsModified(msg.sender, newOperatorDetails);
  }

  /**
   * @notice Delegates *from* a `staker` *to* an `operator`.
   * @param staker The address to delegate *from* -- this address is delegating control of its own assets.
   * @param operator The address to delegate *to* -- this address is being given power to place the `staker`'s assets at risk on services
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   * @dev Ensures that:
   *          1) the `staker` is not already delegated to an operator
   *          2) the `operator` has indeed registered as an operator in Pell
   *          3) if applicable, that the approver signature is valid and non-expired
   */
  function _delegate(
    address staker,
    address operator,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) internal onlyWhenNotPaused(PAUSED_NEW_DELEGATION) {
    require(!isDelegated(staker), 'DelegationManager._delegate: staker is already actively delegated');
    require(isOperator(operator), 'DelegationManager._delegate: operator is not registered in Pell');

    // fetch the operator's `delegationApprover` address and store it in memory in case we need to use it multiple times
    address _delegationApprover = _operatorDetails[operator].delegationApprover;
    /**
     * Check the `_delegationApprover`'s signature, if applicable.
     * If the `_delegationApprover` is the zero address, then the operator allows all stakers to delegate to them and this verification is skipped.
     * If the `_delegationApprover` or the `operator` themselves is the caller, then approval is assumed and signature verification is skipped as well.
     */
    if (_delegationApprover != address(0) && msg.sender != _delegationApprover && msg.sender != operator) {
      // check the signature expiry
      require(approverSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager._delegate: approver signature expired');
      // check that the salt hasn't been used previously, then mark the salt as spent
      require(!delegationApproverSaltIsSpent[_delegationApprover][approverSalt], 'DelegationManager._delegate: approverSalt already spent');
      delegationApproverSaltIsSpent[_delegationApprover][approverSalt] = true;

      // calculate the digest hash
      bytes32 approverDigestHash = calculateDelegationApprovalDigestHash(
        staker,
        operator,
        _delegationApprover,
        approverSalt,
        approverSignatureAndExpiry.expiry
      );

      // actually check that the signature is valid
      EIP1271SignatureUtils.checkSignature_EIP1271(_delegationApprover, approverDigestHash, approverSignatureAndExpiry.signature);
    }

    // record the delegation relation between the staker and operator, and emit an event
    delegatedTo[staker] = operator;
    emit StakerDelegated(staker, operator);

    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    for (uint256 i = 0; i < strategies.length; ) {
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});

      unchecked {
        ++i;
      }
    }
  }

  /**
   * @dev commented-out param (middlewareTimesIndex) is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * This param is intended to be passed on to the Slasher contract, but is unused in the M2 release of these contracts, and is thus commented-out.
   */
  function _completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 /*middlewareTimesIndex*/,
    bool receiveAsTokens
  ) internal {
    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    require(pendingWithdrawals[withdrawalRoot], 'DelegationManager._completeQueuedWithdrawal: action is not in queue');

    require(
      withdrawal.startTimestamp + minWithdrawalDelay <= block.timestamp,
      'DelegationManager._completeQueuedWithdrawal: minWithdrawalDelay period has not yet passed'
    );

    require(msg.sender == withdrawal.withdrawer, 'DelegationManager._completeQueuedWithdrawal: only withdrawer can complete action');

    if (receiveAsTokens) {
      require(tokens.length == withdrawal.strategies.length, 'DelegationManager._completeQueuedWithdrawal: input length mismatch');
    }

    // Remove `withdrawalRoot` from pending roots
    delete pendingWithdrawals[withdrawalRoot];

    // Finalize action by converting shares to tokens for each strategy, or
    // by re-awarding shares in each strategy.
    if (receiveAsTokens) {
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        _withdrawSharesAsTokens({
          staker: withdrawal.staker,
          withdrawer: msg.sender,
          strategy: withdrawal.strategies[i],
          shares: withdrawal.shares[i],
          token: tokens[i]
        });
        unchecked {
          ++i;
        }
      }
      // Award shares back in StrategyManager/EigenPodManager. If withdrawer is delegated, increase the shares delegated to the operator
    } else {
      address currentOperator = delegatedTo[msg.sender];
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        strategyManager.addShares(msg.sender, tokens[i], withdrawal.strategies[i], withdrawal.shares[i]);
        // Similar to `isDelegated` logic
        if (currentOperator != address(0)) {
          _increaseOperatorShares({
            operator: currentOperator,
            // the 'staker' here is the address receiving new shares
            staker: msg.sender,
            strategy: withdrawal.strategies[i],
            shares: withdrawal.shares[i]
          });
        }

        unchecked {
          ++i;
        }
      }
    }

    emit WithdrawalCompleted(withdrawalRoot);
  }

  // @notice Increases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesIncreased` event
  function _increaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    operatorShares[operator][strategy] += shares;
    emit OperatorSharesIncreased(operator, staker, strategy, shares);
  }

  // @notice Decreases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesDecreased` event
  function _decreaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    // This will revert on underflow, so no check needed
    operatorShares[operator][strategy] -= shares;
    emit OperatorSharesDecreased(operator, staker, strategy, shares);
  }

  /**
   * @notice Removes `shares` in `strategies` from `staker` who is currently delegated to `operator` and queues a withdrawal to the `withdrawer`.
   * @dev If the `operator` is indeed an operator, then the operator's delegated shares in the `strategies` are also decreased appropriately.
   * @dev If `withdrawer` is not the same address as `staker`, then thirdPartyTransfersForbidden[strategy] must be set to false in the StrategyManager.
   */
  function _removeSharesAndQueueWithdrawal(
    address staker,
    address operator,
    address withdrawer,
    IStrategy[] memory strategies,
    uint256[] memory shares
  ) internal returns (bytes32) {
    require(staker != address(0), 'DelegationManager._removeSharesAndQueueWithdrawal: staker cannot be zero address');
    require(strategies.length != 0, 'DelegationManager._removeSharesAndQueueWithdrawal: strategies cannot be empty');

    // Remove shares from staker and operator
    // Each of these operations fail if we attempt to remove more shares than exist
    for (uint256 i = 0; i < strategies.length; ) {
      // Similar to `isDelegated` logic
      if (operator != address(0)) {
        _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});
      }

      require(
        staker == withdrawer || !strategyManager.thirdPartyTransfersForbidden(strategies[i]),
        'DelegationManager._removeSharesAndQueueWithdrawal: withdrawer must be same address as staker if thirdPartyTransfersForbidden are set'
      );
      // this call will revert if `shares[i]` exceeds the Staker's current shares in `strategies[i]`
      strategyManager.removeShares(staker, strategies[i], shares[i]);

      unchecked {
        ++i;
      }
    }

    // Create queue entry and increment withdrawal nonce
    uint256 nonce = cumulativeWithdrawalsQueued[staker];
    cumulativeWithdrawalsQueued[staker]++;

    Withdrawal memory withdrawal = Withdrawal({
      staker: staker,
      delegatedTo: operator,
      withdrawer: withdrawer,
      nonce: nonce,
      startTimestamp: uint32(block.timestamp),
      strategies: strategies,
      shares: shares
    });

    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    // Place withdrawal in queue
    pendingWithdrawals[withdrawalRoot] = true;

    emit WithdrawalQueued(withdrawalRoot, withdrawal);
    return withdrawalRoot;
  }

  /**
   * @notice Withdraws `shares` in `strategy` to `withdrawer`. Call is ultimately forwarded to the `strategy` with info on the `token`.
   */
  function _withdrawSharesAsTokens(address staker, address withdrawer, IStrategy strategy, uint256 shares, IERC20 token) internal {
    strategyManager.withdrawSharesAsTokens(withdrawer, strategy, shares, token);
  }

  function _setMinWithdrawalDelay(uint256 _minWithdrawalDelay) internal {
    require(
      _minWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
      'DelegationManager._setMinWithdrawalDelay: _minWithdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
    );
    emit MinWithdrawalDelaySet(minWithdrawalDelay, _minWithdrawalDelay);
    minWithdrawalDelay = _minWithdrawalDelay;
  }

  /**
   * @notice Sets the withdrawal delay for each strategy in `_strategies` to `_withdrawalDelay`.
   * gets called when initializing contract or by calling `setStrategyWithdrawalDelay`
   */
  function _setStrategyWithdrawalDelay(IStrategy[] calldata _strategies, uint256[] calldata _withdrawalDelay) internal {
    require(_strategies.length == _withdrawalDelay.length, 'DelegationManager._setStrategyWithdrawalDelay: input length mismatch');
    uint256 numStrats = _strategies.length;
    for (uint256 i = 0; i < numStrats; ++i) {
      IStrategy strategy = _strategies[i];
      uint256 prevStrategyWithdrawalDelay = strategyWithdrawalDelay[strategy];
      uint256 newStrategyWithdrawalDelay = _withdrawalDelay[i];
      require(
        newStrategyWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
        'DelegationManager._setStrategyWithdrawalDelay: _withdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
      );

      // set the new withdrawal delay
      strategyWithdrawalDelay[strategy] = newStrategyWithdrawalDelay;
      emit StrategyWithdrawalDelaySet(strategy, prevStrategyWithdrawalDelay, newStrategyWithdrawalDelay);
    }
  }

  /*******************************************************************************
                            VIEW FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Getter function for the current EIP-712 domain separator for this contract.
   *
   * @dev The domain separator will change in the event of a fork that changes the ChainID.
   * @dev By introducing a domain separator the DApp developers are guaranteed that there can be no signature collision.
   * for more detailed information please read EIP-712.
   */
  function domainSeparator() public view returns (bytes32) {
    if (block.chainid == ORIGINAL_CHAIN_ID) {
      return _DOMAIN_SEPARATOR;
    } else {
      return _calculateDomainSeparator();
    }
  }

  /**
   * @notice Returns 'true' if `staker` *is* actively delegated, and 'false' otherwise.
   */
  function isDelegated(address staker) public view returns (bool) {
    return (delegatedTo[staker] != address(0));
  }

  /**
   * @notice Returns true is an operator has previously registered for delegation.
   */
  function isOperator(address operator) public view returns (bool) {
    return (_operatorDetails[operator].earningsReceiver != address(0));
  }

  /**
   * @notice Returns the OperatorDetails struct associated with an `operator`.
   */
  function operatorDetails(address operator) external view returns (OperatorDetails memory) {
    return _operatorDetails[operator];
  }

  /*
   * @notice Returns the earnings receiver address for an operator
   */
  function earningsReceiver(address operator) external view returns (address) {
    return _operatorDetails[operator].earningsReceiver;
  }

  /**
   * @notice Returns the delegationApprover account for an operator
   */
  function delegationApprover(address operator) external view returns (address) {
    return _operatorDetails[operator].delegationApprover;
  }

  /**
   * @notice Returns the stakerOptOutWindow for an operator
   */
  function stakerOptOutWindow(address operator) external view returns (uint256) {
    return _operatorDetails[operator].stakerOptOutWindow;
  }

  /// @notice Given array of strategies, returns array of shares for the operator
  function getOperatorShares(address operator, IStrategy[] memory strategies) public view returns (uint256[] memory) {
    uint256[] memory shares = new uint256[](strategies.length);
    for (uint256 i = 0; i < strategies.length; ++i) {
      shares[i] = operatorShares[operator][strategies[i]];
    }
    return shares;
  }

  /**
   * @notice Returns the number of actively-delegatable shares a staker has across all strategies.
   * @dev Returns two empty arrays in the case that the Staker has no actively-delegateable shares.
   */
  function getDelegatableShares(address staker) public view returns (IStrategy[] memory, uint256[] memory) {
    // Get currently active shares and strategies for `staker`
    (IStrategy[] memory strategyManagerStrats, uint256[] memory strategyManagerShares) = strategyManager.getDeposits(staker);
    return (strategyManagerStrats, strategyManagerShares);
  }

  /**
   * @notice Given a list of strategies, return the minimum cooldown that must pass to withdraw
   * from all the inputted strategies. Return value is >= minWithdrawalDelay as this is the global min withdrawal delay.
   * @param strategies The strategies to check withdrawal delays for
   */
  function getWithdrawalDelay(IStrategy[] calldata strategies) public view returns (uint256) {
    uint256 withdrawalDelay = minWithdrawalDelay;
    for (uint256 i = 0; i < strategies.length; ++i) {
      uint256 currWithdrawalDelay = strategyWithdrawalDelay[strategies[i]];
      if (currWithdrawalDelay > withdrawalDelay) {
        withdrawalDelay = currWithdrawalDelay;
      }
    }
    return withdrawalDelay;
  }

  /// @notice Returns the keccak256 hash of `withdrawal`.
  function calculateWithdrawalRoot(Withdrawal memory withdrawal) public pure returns (bytes32) {
    return keccak256(abi.encode(withdrawal));
  }

  /**
   * @notice Calculates the digestHash for a `staker` to sign to delegate to an `operator`
   * @param staker The signing staker
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateCurrentStakerDelegationDigestHash(address staker, address operator, uint256 expiry) external view returns (bytes32) {
    // fetch the staker's current nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    // calculate the digest hash
    return calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, expiry);
  }

  /**
   * @notice Calculates the digest hash to be signed and used in the `delegateToBySignature` function
   * @param staker The signing staker
   * @param _stakerNonce The nonce of the staker. In practice we use the staker's current nonce, stored at `stakerNonce[staker]`
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateStakerDelegationDigestHash(
    address staker,
    uint256 _stakerNonce,
    address operator,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 stakerStructHash = keccak256(abi.encode(STAKER_DELEGATION_TYPEHASH, staker, operator, _stakerNonce, expiry));
    // calculate the digest hash
    bytes32 stakerDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), stakerStructHash));
    return stakerDigestHash;
  }

  /**
   * @notice Calculates the digest hash to be signed by the operator's delegationApprove and used in the `delegateTo` and `delegateToBySignature` functions.
   * @param staker The account delegating their stake
   * @param operator The account receiving delegated stake
   * @param _delegationApprover the operator's `delegationApprover` who will be signing the delegationHash (in general)
   * @param approverSalt A unique and single use value associated with the approver signature.
   * @param expiry Time after which the approver's signature becomes invalid
   */
  function calculateDelegationApprovalDigestHash(
    address staker,
    address operator,
    address _delegationApprover,
    bytes32 approverSalt,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 approverStructHash = keccak256(
      abi.encode(DELEGATION_APPROVAL_TYPEHASH, _delegationApprover, staker, operator, approverSalt, expiry)
    );
    // calculate the digest hash
    bytes32 approverDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), approverStructHash));
    return approverDigestHash;
  }

  /**
   * @dev Recalculates the domain separator when the chainid changes due to a fork.
   */
  function _calculateDomainSeparator() internal view returns (bytes32) {
    return keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes('Pell')), block.chainid, address(this)));
  }
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol';
import '@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol';
import '@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol';
import '../permissions/Pausable.sol';
import '../libraries/EIP1271SignatureUtils.sol';
import './DelegationManagerStorageV3.sol';

/**
 * @title DelegationManager
 * @notice  This is the contract for delegation in Pell. The main functionalities of this contract are
 * - enabling anyone to register as an operator in Pell
 * - allowing operators to specify parameters related to stakers who delegate to them
 * - enabling any staker to delegate its stake to the operator of its choice (a given staker can only delegate to a single operator at a time)
 * - enabling a staker to undelegate its assets from the operator it is delegated to (performed as part of the withdrawal process, initiated through the StrategyManager)
 */
contract DelegationManagerV3 is Initializable, OwnableUpgradeable, Pausable, DelegationManagerStorageV3, ReentrancyGuardUpgradeable {
  // @dev Index for flag that pauses new delegations when set
  uint8 internal constant PAUSED_NEW_DELEGATION = 0;

  // @dev Index for flag that pauses queuing new withdrawals when set.
  uint8 internal constant PAUSED_ENTER_WITHDRAWAL_QUEUE = 1;

  // @dev Index for flag that pauses completing existing withdrawals when set.
  uint8 internal constant PAUSED_EXIT_WITHDRAWAL_QUEUE = 2;

  // @dev Chain ID at the time of contract deployment
  uint256 internal immutable ORIGINAL_CHAIN_ID;

  // @dev Maximum Value for `stakerOptOutWindow`. Approximately equivalent to 6 months.
  uint256 public constant MAX_STAKER_OPT_OUT_WINDOW = 180 days;

  // @notice Simple permission for functions that are only callable by the StrategyManager contract
  modifier onlyStrategyManager() {
    require(msg.sender == address(strategyManager), 'DelegationManager: onlyStrategyManager');
    _;
  }

  // @notice Simple permission for functions that are only callable by the StrategyManager contract
  modifier onlyTSSManager() {
    require(tssManager.isTSSNode(msg.sender), 'DelegationManager: onlyTSSManager');
    _;
  }

  /*******************************************************************************
                            INITIALIZING FUNCTIONS
    *******************************************************************************/

  /**
   * @dev Initializes the immutable addresses of the strategy mananger and slasher.
   */
  constructor(IStrategyManager _strategyManager, ISlasher _slasher) DelegationManagerStorageV3(_strategyManager, _slasher) {
    _disableInitializers();
    ORIGINAL_CHAIN_ID = block.chainid;
  }

  /**
   * @dev Initializes the addresses of the initial owner, pauser registry, and paused status.
   * minWithdrawalDelay is set only once here
   */
  function initialize(
    address initialOwner,
    IPauserRegistry _pauserRegistry,
    uint256 initialPausedStatus,
    uint256 _minWithdrawalDelay,
    IStrategy[] calldata _strategies,
    uint256[] calldata _withdrawalDelay
  ) external initializer {
    _initializePauser(_pauserRegistry, initialPausedStatus);
    _DOMAIN_SEPARATOR = _calculateDomainSeparator();
    __ReentrancyGuard_init();
    _transferOwnership(initialOwner);
    _setMinWithdrawalDelay(_minWithdrawalDelay);
    _setStrategyWithdrawalDelay(_strategies, _withdrawalDelay);
  }

  /*******************************************************************************
                            EXTERNAL FUNCTIONS 
    *******************************************************************************/

  /**
   * @notice Registers the caller as an operator in Pell.
   * @param registeringOperatorDetails is the `OperatorDetails` for the operator.
   * @param metadataURI is a URI for the operator's metadata, i.e. a link providing more details on the operator.
   *
   * @dev Once an operator is registered, they cannot 'deregister' as an operator, and they will forever be considered "delegated to themself".
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   * @dev Note that the `metadataURI` is *never stored * and is only emitted in the `OperatorMetadataURIUpdated` event
   */
  function syncRegisterAsOperator(
    address operator,
    OperatorDetails calldata registeringOperatorDetails,
    string calldata metadataURI
  ) external onlyTSSManager {
    require(!isDelegated(operator), 'DelegationManager.registerAsOperator: caller is already actively delegated');
    _setOperatorDetails(operator, registeringOperatorDetails);
    SignatureWithExpiry memory emptySignatureAndExpiry;
    // delegate from the operator to themselves
    _delegate(operator, operator, emptySignatureAndExpiry, bytes32(0));
    // emit events
    emit OperatorRegistered(operator, registeringOperatorDetails);
    emit OperatorMetadataURIUpdated(operator, metadataURI);
  }

  /**
   * @notice Updates an operator's stored `OperatorDetails`.
   * @param newOperatorDetails is the updated `OperatorDetails` for the operator, to replace their current OperatorDetails`.
   *
   * @dev The caller must have previously registered as an operator in Pell.
   * @dev This function will revert if the caller attempts to set their `earningsReceiver` to address(0).
   */
  function syncModifyOperatorDetails(address operator, OperatorDetails calldata newOperatorDetails) external onlyTSSManager {
    require(isOperator(operator), 'DelegationManager.modifyOperatorDetails: caller must be an operator');
    _setOperatorDetails(operator, newOperatorDetails);
  }

  /**
   * @notice Caller delegates their stake to an operator.
   * @param operator The account (`msg.sender`) is delegating its assets to for use in serving applications built on Pell.
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt A unique single use value tied to an individual signature.
   * @dev The approverSignatureAndExpiry is used in the event that:
   *          1) the operator's `delegationApprover` address is set to a non-zero value.
   *                  AND
   *          2) neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator
   *             or their delegationApprover is the `msg.sender`, then approval is assumed.
   * @dev In the event that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateTo(address operator, SignatureWithExpiry memory approverSignatureAndExpiry, bytes32 approverSalt) external {
    require(!isDelegated(msg.sender), 'DelegationManager._delegate: staker is already actively delegated');
    require(isOperator(operator), 'DelegationManager._delegate: operator is not registered in Pell');
    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(msg.sender, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * @notice Caller delegates a staker's stake to an operator with valid signatures from both parties.
   * @param staker The account delegating stake to an `operator` account
   * @param operator The account (`staker`) is delegating its assets to for use in serving applications built on Pell.
   * @param stakerSignatureAndExpiry Signed data from the staker authorizing delegating stake to an operator
   * @param approverSignatureAndExpiry is a parameter that will be used for verifying that the operator approves of this delegation action in the event that:
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   *
   * @dev If `staker` is an EOA, then `stakerSignature` is verified to be a valid ECDSA stakerSignature from `staker`, indicating their intention for this action.
   * @dev If `staker` is a contract, then `stakerSignature` will be checked according to EIP-1271.
   * @dev the operator's `delegationApprover` address is set to a non-zero value.
   * @dev neither the operator nor their `delegationApprover` is the `msg.sender`, since in the event that the operator or their delegationApprover
   * is the `msg.sender`, then approval is assumed.
   * @dev This function will revert if the current `block.timestamp` is equal to or exceeds the expiry
   * @dev In the case that `approverSignatureAndExpiry` is not checked, its content is ignored entirely; it's recommended to use an empty input
   * in this case to save on complexity + gas costs
   */
  function delegateToBySignature(
    address staker,
    address operator,
    SignatureWithExpiry memory stakerSignatureAndExpiry,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) external {
    require(!isDelegated(staker), 'DelegationManager._delegate: staker is already actively delegated');
    require(isOperator(operator), 'DelegationManager._delegate: operator is not registered in Pell');
    // check the signature expiry
    require(stakerSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager.delegateToBySignature: staker signature expired');

    // calculate the digest hash, then increment `staker`'s nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    bytes32 stakerDigestHash = calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, stakerSignatureAndExpiry.expiry);
    unchecked {
      stakerNonce[staker] = currentStakerNonce + 1;
    }

    // actually check that the signature is valid
    EIP1271SignatureUtils.checkSignature_EIP1271(staker, stakerDigestHash, stakerSignatureAndExpiry.signature);

    // go through the internal delegation flow, checking the `approverSignatureAndExpiry` if applicable
    _delegate(staker, operator, approverSignatureAndExpiry, approverSalt);
  }

  /**
   * Allows the staker, the staker's operator, or that operator's delegationApprover to undelegate
   * a staker from their operator. Undelegation immediately removes ALL active shares/strategies from
   * both the staker and operator, and places the shares and strategies in the withdrawal queue
   */
  function undelegate(address staker) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory withdrawalRoots) {
    require(isDelegated(staker), 'DelegationManager.undelegate: staker must be delegated to undelegate');
    require(!isOperator(staker), 'DelegationManager.undelegate: operators cannot be undelegated');
    require(staker != address(0), 'DelegationManager.undelegate: cannot undelegate zero address');
    address operator = delegatedTo[staker];
    require(
      msg.sender == staker || msg.sender == operator || msg.sender == _operatorDetails[operator].delegationApprover,
      'DelegationManager.undelegate: caller cannot undelegate staker'
    );

    // Gather strategies and shares to remove from staker/operator during undelegation
    // Undelegation removes ALL currently-active strategies and shares
    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    // emit an event if this action was not initiated by the staker themselves
    if (msg.sender != staker) {
      emit StakerForceUndelegated(staker, operator);
    }

    // undelegate the staker
    emit StakerUndelegated(staker, operator);
    delegatedTo[staker] = address(0);

    // if no delegatable shares, return an empty array, and don't queue a withdrawal
    if (strategies.length == 0) {
      withdrawalRoots = new bytes32[](0);
    } else {
      withdrawalRoots = new bytes32[](strategies.length);
      for (uint256 i = 0; i < strategies.length; i++) {
        IStrategy[] memory singleStrategy = new IStrategy[](1);
        uint256[] memory singleShare = new uint256[](1);
        singleStrategy[0] = strategies[i];
        singleShare[0] = shares[i];

        withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
          staker: staker,
          operator: operator,
          withdrawer: staker,
          strategies: singleStrategy,
          shares: singleShare
        });
      }
    }

    return withdrawalRoots;
  }

  /**
   * Allows a staker to withdraw some shares. Withdrawn shares/strategies are immediately removed
   * from the staker. If the staker is delegated, withdrawn shares/strategies are also removed from
   * their operator.
   *
   * All withdrawn shares/strategies are placed in a queue and can be fully withdrawn after a delay.
   */
  function queueWithdrawals(
    QueuedWithdrawalParams[] calldata queuedWithdrawalParams
  ) external onlyWhenNotPaused(PAUSED_ENTER_WITHDRAWAL_QUEUE) returns (bytes32[] memory) {
    bytes32[] memory withdrawalRoots = new bytes32[](queuedWithdrawalParams.length);
    address operator = delegatedTo[msg.sender];

    for (uint256 i = 0; i < queuedWithdrawalParams.length; i++) {
      require(
        queuedWithdrawalParams[i].strategies.length == queuedWithdrawalParams[i].shares.length,
        'DelegationManager.queueWithdrawal: input length mismatch'
      );
      require(
        queuedWithdrawalParams[i].withdrawer == msg.sender || queuedWithdrawalParams[i].withdrawer == wrappedTokenGateway,
        'DelegationManager.queueWithdrawal: withdrawer must be staker or wrapped token gateway'
      );

      // Remove shares from staker's strategies and place strategies/shares in queue.
      // If the staker is delegated to an operator, the operator's delegated shares are also reduced
      // NOTE: This will fail if the staker doesn't have the shares implied by the input parameters
      withdrawalRoots[i] = _removeSharesAndQueueWithdrawal({
        staker: msg.sender,
        operator: operator,
        withdrawer: queuedWithdrawalParams[i].withdrawer,
        strategies: queuedWithdrawalParams[i].strategies,
        shares: queuedWithdrawalParams[i].shares
      });
    }
    return withdrawalRoots;
  }

  /**
   * @notice Used to complete the specified `withdrawal`. The caller must match `withdrawal.withdrawer`
   * @param withdrawal The Withdrawal to complete.
   * @param tokens Array in which the i-th entry specifies the `token` input to the 'withdraw' function of the i-th Strategy in the `withdrawal.strategies` array.
   * This input can be provided with zero length if `receiveAsTokens` is set to 'false' (since in that case, this input will be unused)
   * @param middlewareTimesIndex is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * @param receiveAsTokens If true, the shares specified in the withdrawal will be withdrawn from the specified strategies themselves
   * and sent to the caller, through calls to `withdrawal.strategies[i].withdraw`. If false, then the shares in the specified strategies
   * will simply be transferred to the caller directly.
   * @dev middlewareTimesIndex is unused, but will be used in the Slasher eventually
   * @dev beaconChainETHStrategy shares are non-transferrable, so if `receiveAsTokens = false` and `withdrawal.withdrawer != withdrawal.staker`, note that
   * any beaconChainETHStrategy shares in the `withdrawal` will be _returned to the staker_, rather than transferred to the withdrawer, unlike shares in
   * any other strategies, which will be transferred to the withdrawer.
   */
  function completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 middlewareTimesIndex,
    bool receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    _completeQueuedWithdrawal(withdrawal, tokens, middlewareTimesIndex, receiveAsTokens);
  }

  /**
   * @notice Array-ified version of `completeQueuedWithdrawal`.
   * Used to complete the specified `withdrawals`. The function caller must match `withdrawals[...].withdrawer`
   * @param withdrawals The Withdrawals to complete.
   * @param tokens Array of tokens for each Withdrawal. See `completeQueuedWithdrawal` for the usage of a single array.
   * @param middlewareTimesIndexes One index to reference per Withdrawal. See `completeQueuedWithdrawal` for the usage of a single index.
   * @param receiveAsTokens Whether or not to complete each withdrawal as tokens. See `completeQueuedWithdrawal` for the usage of a single boolean.
   * @dev See `completeQueuedWithdrawal` for relevant dev tags
   */
  function completeQueuedWithdrawals(
    Withdrawal[] calldata withdrawals,
    IERC20[][] calldata tokens,
    uint256[] calldata middlewareTimesIndexes,
    bool[] calldata receiveAsTokens
  ) external onlyWhenNotPaused(PAUSED_EXIT_WITHDRAWAL_QUEUE) nonReentrant {
    for (uint256 i = 0; i < withdrawals.length; ++i) {
      _completeQueuedWithdrawal(withdrawals[i], tokens[i], middlewareTimesIndexes[i], receiveAsTokens[i]);
    }
  }

  /**
   * @notice Increases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to increase the delegated shares.
   * @param shares The number of shares to increase.
   *
   * @dev *If the staker is actively delegated*, then increases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager.
   */
  function increaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // add strategy shares to delegate's shares
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Decreases a staker's delegated share balance in a strategy.
   * @param staker The address to increase the delegated shares for their operator.
   * @param strategy The strategy in which to decrease the delegated shares.
   * @param shares The number of shares to decrease.
   *
   * @dev *If the staker is actively delegated*, then decreases the `staker`'s delegated shares in `strategy` by `shares`. Otherwise does nothing.
   * @dev Callable only by the StrategyManager or EigenPodManager.
   */
  function decreaseDelegatedShares(address staker, IStrategy strategy, uint256 shares) external onlyStrategyManager {
    // if the staker is delegated to an operator
    if (isDelegated(staker)) {
      address operator = delegatedTo[staker];

      // subtract strategy shares from delegate's shares
      _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategy, shares: shares});
    }
  }

  /**
   * @notice Owner-only function for modifying the value of the `minWithdrawalDelay` variable.
   * @param newMinWithdrawalDelay new value of `minWithdrawalDelay`.
   */
  function setMinWithdrawalDelay(uint256 newMinWithdrawalDelay) external onlyOwner {
    _setMinWithdrawalDelay(newMinWithdrawalDelay);
  }

  /**
   * @notice Called by owner to set the minimum withdrawal delay for each passed in strategy
   * Note that the min cooldown to complete a withdrawal of a strategy is
   * MAX(minWithdrawalDelay, strategyWithdrawalDelay[strategy])
   * @param strategies The strategies to set the minimum withdrawal delay for
   * @param withdrawalDelay The minimum withdrawal delay to set for each strategy
   */
  function setStrategyWithdrawalDelay(IStrategy[] calldata strategies, uint256[] calldata withdrawalDelay) external onlyOwner {
    _setStrategyWithdrawalDelay(strategies, withdrawalDelay);
  }

  /**
   * @notice Called by owner to update the wrapped token gateway
   * @param _newWrappedTokenGateway New wrapped token gateway address
   */
  function updateWrappedTokenGateway(address _newWrappedTokenGateway) external onlyOwner {
    emit UpdateWrappedTokenGateway(wrappedTokenGateway, _newWrappedTokenGateway);
    wrappedTokenGateway = _newWrappedTokenGateway;
  }

  /**
   * @notice Called by owner to update the tss manager
   * @param _tssManager New tss manager address
   */
  function updateTSSManager(ITSSManager _tssManager) external onlyOwner {
    emit UpdateTSSManager(tssManager, _tssManager);
    tssManager = _tssManager;
  }

  /*******************************************************************************
                            INTERNAL FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Sets operator parameters in the `_operatorDetails` mapping.
   * @param operator The account registered as an operator updating their operatorDetails
   * @param newOperatorDetails The new parameters for the operator
   *
   */
  function _setOperatorDetails(address operator, OperatorDetails calldata newOperatorDetails) internal {
    require(
      newOperatorDetails.stakerOptOutWindow <= MAX_STAKER_OPT_OUT_WINDOW,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be > MAX_STAKER_OPT_OUT_WINDOW'
    );
    require(
      newOperatorDetails.stakerOptOutWindow >= _operatorDetails[operator].stakerOptOutWindow,
      'DelegationManager._setOperatorDetails: stakerOptOutWindow cannot be decreased'
    );
    _operatorDetails[operator] = newOperatorDetails;
    emit OperatorDetailsModified(msg.sender, newOperatorDetails);
  }

  /**
   * @notice Delegates *from* a `staker` *to* an `operator`.
   * @param staker The address to delegate *from* -- this address is delegating control of its own assets.
   * @param operator The address to delegate *to* -- this address is being given power to place the `staker`'s assets at risk on services
   * @param approverSignatureAndExpiry Verifies the operator approves of this delegation
   * @param approverSalt Is a salt used to help guarantee signature uniqueness. Each salt can only be used once by a given approver.
   * @dev Ensures that:
   *          1) the `staker` is not already delegated to an operator
   *          2) the `operator` has indeed registered as an operator in Pell
   *          3) if applicable, that the approver signature is valid and non-expired
   */
  function _delegate(
    address staker,
    address operator,
    SignatureWithExpiry memory approverSignatureAndExpiry,
    bytes32 approverSalt
  ) internal onlyWhenNotPaused(PAUSED_NEW_DELEGATION) {
    // fetch the operator's `delegationApprover` address and store it in memory in case we need to use it multiple times
    address _delegationApprover = _operatorDetails[operator].delegationApprover;
    /**
     * Check the `_delegationApprover`'s signature, if applicable.
     * If the `_delegationApprover` is the zero address, then the operator allows all stakers to delegate to them and this verification is skipped.
     * If the `_delegationApprover` or the `operator` themselves is the caller, then approval is assumed and signature verification is skipped as well.
     */
    if (_delegationApprover != address(0) && msg.sender != _delegationApprover && msg.sender != operator) {
      // check the signature expiry
      require(approverSignatureAndExpiry.expiry >= block.timestamp, 'DelegationManager._delegate: approver signature expired');
      // check that the salt hasn't been used previously, then mark the salt as spent
      require(!delegationApproverSaltIsSpent[_delegationApprover][approverSalt], 'DelegationManager._delegate: approverSalt already spent');
      delegationApproverSaltIsSpent[_delegationApprover][approverSalt] = true;

      // calculate the digest hash
      bytes32 approverDigestHash = calculateDelegationApprovalDigestHash(
        staker,
        operator,
        _delegationApprover,
        approverSalt,
        approverSignatureAndExpiry.expiry
      );

      // actually check that the signature is valid
      EIP1271SignatureUtils.checkSignature_EIP1271(_delegationApprover, approverDigestHash, approverSignatureAndExpiry.signature);
    }

    // record the delegation relation between the staker and operator, and emit an event
    delegatedTo[staker] = operator;
    emit StakerDelegated(staker, operator);

    (IStrategy[] memory strategies, uint256[] memory shares) = getDelegatableShares(staker);

    for (uint256 i = 0; i < strategies.length; ) {
      _increaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});

      unchecked {
        ++i;
      }
    }
  }

  /**
   * @dev commented-out param (middlewareTimesIndex) is the index in the operator that the staker who triggered the withdrawal was delegated to's middleware times array
   * This param is intended to be passed on to the Slasher contract, but is unused in the M2 release of these contracts, and is thus commented-out.
   */
  function _completeQueuedWithdrawal(
    Withdrawal calldata withdrawal,
    IERC20[] calldata tokens,
    uint256 /*middlewareTimesIndex*/,
    bool receiveAsTokens
  ) internal {
    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    require(pendingWithdrawals[withdrawalRoot], 'DelegationManager._completeQueuedWithdrawal: action is not in queue');

    require(
      withdrawal.startTimestamp + minWithdrawalDelay <= block.timestamp,
      'DelegationManager._completeQueuedWithdrawal: minWithdrawalDelay period has not yet passed'
    );

    require(msg.sender == withdrawal.withdrawer, 'DelegationManager._completeQueuedWithdrawal: only withdrawer can complete action');

    if (receiveAsTokens) {
      require(tokens.length == withdrawal.strategies.length, 'DelegationManager._completeQueuedWithdrawal: input length mismatch');
    }

    // Remove `withdrawalRoot` from pending roots
    delete pendingWithdrawals[withdrawalRoot];

    // Finalize action by converting shares to tokens for each strategy, or
    // by re-awarding shares in each strategy.
    if (receiveAsTokens) {
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        _withdrawSharesAsTokens({
          staker: withdrawal.staker,
          withdrawer: msg.sender,
          strategy: withdrawal.strategies[i],
          shares: withdrawal.shares[i],
          token: tokens[i]
        });
        unchecked {
          ++i;
        }
      }
      // Award shares back in StrategyManager/EigenPodManager. If withdrawer is delegated, increase the shares delegated to the operator
    } else {
      address currentOperator = delegatedTo[msg.sender];
      for (uint256 i = 0; i < withdrawal.strategies.length; ) {
        require(
          withdrawal.startTimestamp + strategyWithdrawalDelay[withdrawal.strategies[i]] <= block.timestamp,
          'DelegationManager._completeQueuedWithdrawal: withdrawalDelay period has not yet passed for this strategy'
        );

        strategyManager.addShares(msg.sender, tokens[i], withdrawal.strategies[i], withdrawal.shares[i]);
        // Similar to `isDelegated` logic
        if (currentOperator != address(0)) {
          _increaseOperatorShares({
            operator: currentOperator,
            // the 'staker' here is the address receiving new shares
            staker: msg.sender,
            strategy: withdrawal.strategies[i],
            shares: withdrawal.shares[i]
          });
        }

        unchecked {
          ++i;
        }
      }
    }

    emit WithdrawalCompleted(withdrawalRoot);
  }

  // @notice Increases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesIncreased` event
  function _increaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    operatorShares[operator][strategy] += shares;
    emit OperatorSharesIncreased(operator, staker, strategy, shares);
  }

  // @notice Decreases `operator`s delegated shares in `strategy` by `shares` and emits an `OperatorSharesDecreased` event
  function _decreaseOperatorShares(address operator, address staker, IStrategy strategy, uint256 shares) internal {
    // This will revert on underflow, so no check needed
    operatorShares[operator][strategy] -= shares;
    emit OperatorSharesDecreased(operator, staker, strategy, shares);
  }

  /**
   * @notice Removes `shares` in `strategies` from `staker` who is currently delegated to `operator` and queues a withdrawal to the `withdrawer`.
   * @dev If the `operator` is indeed an operator, then the operator's delegated shares in the `strategies` are also decreased appropriately.
   * @dev If `withdrawer` is not the same address as `staker`, then thirdPartyTransfersForbidden[strategy] must be set to false in the StrategyManager.
   */
  function _removeSharesAndQueueWithdrawal(
    address staker,
    address operator,
    address withdrawer,
    IStrategy[] memory strategies,
    uint256[] memory shares
  ) internal returns (bytes32) {
    require(staker != address(0), 'DelegationManager._removeSharesAndQueueWithdrawal: staker cannot be zero address');
    require(strategies.length != 0, 'DelegationManager._removeSharesAndQueueWithdrawal: strategies cannot be empty');

    // Remove shares from staker and operator
    // Each of these operations fail if we attempt to remove more shares than exist
    for (uint256 i = 0; i < strategies.length; ) {
      // Similar to `isDelegated` logic
      if (operator != address(0)) {
        _decreaseOperatorShares({operator: operator, staker: staker, strategy: strategies[i], shares: shares[i]});
      }

      require(
        staker == withdrawer || !strategyManager.thirdPartyTransfersForbidden(strategies[i]),
        'DelegationManager._removeSharesAndQueueWithdrawal: withdrawer must be same address as staker if thirdPartyTransfersForbidden are set'
      );
      // this call will revert if `shares[i]` exceeds the Staker's current shares in `strategies[i]`
      strategyManager.removeShares(staker, strategies[i], shares[i]);

      unchecked {
        ++i;
      }
    }

    // Create queue entry and increment withdrawal nonce
    uint256 nonce = cumulativeWithdrawalsQueued[staker];
    cumulativeWithdrawalsQueued[staker]++;

    Withdrawal memory withdrawal = Withdrawal({
      staker: staker,
      delegatedTo: operator,
      withdrawer: withdrawer,
      nonce: nonce,
      startTimestamp: uint32(block.timestamp),
      strategies: strategies,
      shares: shares
    });

    bytes32 withdrawalRoot = calculateWithdrawalRoot(withdrawal);

    // Place withdrawal in queue
    pendingWithdrawals[withdrawalRoot] = true;

    emit WithdrawalQueued(withdrawalRoot, withdrawal);
    return withdrawalRoot;
  }

  /**
   * @notice Withdraws `shares` in `strategy` to `withdrawer`. Call is ultimately forwarded to the `strategy` with info on the `token`.
   */
  function _withdrawSharesAsTokens(address staker, address withdrawer, IStrategy strategy, uint256 shares, IERC20 token) internal {
    strategyManager.withdrawSharesAsTokens(withdrawer, strategy, shares, token);
  }

  function _setMinWithdrawalDelay(uint256 _minWithdrawalDelay) internal {
    require(
      _minWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
      'DelegationManager._setMinWithdrawalDelay: _minWithdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
    );
    emit MinWithdrawalDelaySet(minWithdrawalDelay, _minWithdrawalDelay);
    minWithdrawalDelay = _minWithdrawalDelay;
  }

  /**
   * @notice Sets the withdrawal delay for each strategy in `_strategies` to `_withdrawalDelay`.
   * gets called when initializing contract or by calling `setStrategyWithdrawalDelay`
   */
  function _setStrategyWithdrawalDelay(IStrategy[] calldata _strategies, uint256[] calldata _withdrawalDelay) internal {
    require(_strategies.length == _withdrawalDelay.length, 'DelegationManager._setStrategyWithdrawalDelay: input length mismatch');
    uint256 numStrats = _strategies.length;
    for (uint256 i = 0; i < numStrats; ++i) {
      IStrategy strategy = _strategies[i];
      uint256 prevStrategyWithdrawalDelay = strategyWithdrawalDelay[strategy];
      uint256 newStrategyWithdrawalDelay = _withdrawalDelay[i];
      require(
        newStrategyWithdrawalDelay <= MAX_WITHDRAWAL_DELAY,
        'DelegationManager._setStrategyWithdrawalDelay: _withdrawalDelay cannot be > MAX_WITHDRAWAL_DELAY'
      );

      // set the new withdrawal delay
      strategyWithdrawalDelay[strategy] = newStrategyWithdrawalDelay;
      emit StrategyWithdrawalDelaySet(strategy, prevStrategyWithdrawalDelay, newStrategyWithdrawalDelay);
    }
  }

  /*******************************************************************************
                            VIEW FUNCTIONS
    *******************************************************************************/

  /**
   * @notice Getter function for the current EIP-712 domain separator for this contract.
   *
   * @dev The domain separator will change in the event of a fork that changes the ChainID.
   * @dev By introducing a domain separator the DApp developers are guaranteed that there can be no signature collision.
   * for more detailed information please read EIP-712.
   */
  function domainSeparator() public view returns (bytes32) {
    if (block.chainid == ORIGINAL_CHAIN_ID) {
      return _DOMAIN_SEPARATOR;
    } else {
      return _calculateDomainSeparator();
    }
  }

  /**
   * @notice Returns 'true' if `staker` *is* actively delegated, and 'false' otherwise.
   */
  function isDelegated(address staker) public view returns (bool) {
    return (delegatedTo[staker] != address(0));
  }

  /**
   * @notice Returns true is an operator has previously registered for delegation.
   */
  function isOperator(address operator) public view returns (bool) {
    return operator != address(0) && delegatedTo[operator] == operator;
  }

  /**
   * @notice Returns the OperatorDetails struct associated with an `operator`.
   */
  function operatorDetails(address operator) external view returns (OperatorDetails memory) {
    return _operatorDetails[operator];
  }

  /**
   * @notice Returns the delegationApprover account for an operator
   */
  function delegationApprover(address operator) external view returns (address) {
    return _operatorDetails[operator].delegationApprover;
  }

  /**
   * @notice Returns the stakerOptOutWindow for an operator
   */
  function stakerOptOutWindow(address operator) external view returns (uint256) {
    return _operatorDetails[operator].stakerOptOutWindow;
  }

  /// @notice Given array of strategies, returns array of shares for the operator
  function getOperatorShares(address operator, IStrategy[] memory strategies) public view returns (uint256[] memory) {
    uint256[] memory shares = new uint256[](strategies.length);
    for (uint256 i = 0; i < strategies.length; ++i) {
      shares[i] = operatorShares[operator][strategies[i]];
    }
    return shares;
  }

  /**
   * @notice Returns the number of actively-delegatable shares a staker has across all strategies.
   * @dev Returns two empty arrays in the case that the Staker has no actively-delegateable shares.
   */
  function getDelegatableShares(address staker) public view returns (IStrategy[] memory, uint256[] memory) {
    // Get currently active shares and strategies for `staker`
    (IStrategy[] memory strategyManagerStrats, uint256[] memory strategyManagerShares) = strategyManager.getDeposits(staker);
    return (strategyManagerStrats, strategyManagerShares);
  }

  /**
   * @notice Given a list of strategies, return the minimum cooldown that must pass to withdraw
   * from all the inputted strategies. Return value is >= minWithdrawalDelay as this is the global min withdrawal delay.
   * @param strategies The strategies to check withdrawal delays for
   */
  function getWithdrawalDelay(IStrategy[] calldata strategies) public view returns (uint256) {
    uint256 withdrawalDelay = minWithdrawalDelay;
    for (uint256 i = 0; i < strategies.length; ++i) {
      uint256 currWithdrawalDelay = strategyWithdrawalDelay[strategies[i]];
      if (currWithdrawalDelay > withdrawalDelay) {
        withdrawalDelay = currWithdrawalDelay;
      }
    }
    return withdrawalDelay;
  }

  /// @notice Returns the keccak256 hash of `withdrawal`.
  function calculateWithdrawalRoot(Withdrawal memory withdrawal) public pure returns (bytes32) {
    return keccak256(abi.encode(withdrawal));
  }

  /**
   * @notice Calculates the digestHash for a `staker` to sign to delegate to an `operator`
   * @param staker The signing staker
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateCurrentStakerDelegationDigestHash(address staker, address operator, uint256 expiry) external view returns (bytes32) {
    // fetch the staker's current nonce
    uint256 currentStakerNonce = stakerNonce[staker];
    // calculate the digest hash
    return calculateStakerDelegationDigestHash(staker, currentStakerNonce, operator, expiry);
  }

  /**
   * @notice Calculates the digest hash to be signed and used in the `delegateToBySignature` function
   * @param staker The signing staker
   * @param _stakerNonce The nonce of the staker. In practice we use the staker's current nonce, stored at `stakerNonce[staker]`
   * @param operator The operator who is being delegated to
   * @param expiry The desired expiry time of the staker's signature
   */
  function calculateStakerDelegationDigestHash(
    address staker,
    uint256 _stakerNonce,
    address operator,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 stakerStructHash = keccak256(abi.encode(STAKER_DELEGATION_TYPEHASH, staker, operator, _stakerNonce, expiry));
    // calculate the digest hash
    bytes32 stakerDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), stakerStructHash));
    return stakerDigestHash;
  }

  /**
   * @notice Calculates the digest hash to be signed by the operator's delegationApprove and used in the `delegateTo` and `delegateToBySignature` functions.
   * @param staker The account delegating their stake
   * @param operator The account receiving delegated stake
   * @param _delegationApprover the operator's `delegationApprover` who will be signing the delegationHash (in general)
   * @param approverSalt A unique and single use value associated with the approver signature.
   * @param expiry Time after which the approver's signature becomes invalid
   */
  function calculateDelegationApprovalDigestHash(
    address staker,
    address operator,
    address _delegationApprover,
    bytes32 approverSalt,
    uint256 expiry
  ) public view returns (bytes32) {
    // calculate the struct hash
    bytes32 approverStructHash = keccak256(
      abi.encode(DELEGATION_APPROVAL_TYPEHASH, _delegationApprover, staker, operator, approverSalt, expiry)
    );
    // calculate the digest hash
    bytes32 approverDigestHash = keccak256(abi.encodePacked('\x19\x01', domainSeparator(), approverStructHash));
    return approverDigestHash;
  }

  /**
   * @dev Recalculates the domain separator when the chainid changes due to a fork.
   */
  function _calculateDomainSeparator() internal view returns (bytes32) {
    return keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256(bytes('Pell')), block.chainid, address(this)));
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (utils/cryptography/ECDSA.sol)

pragma solidity ^0.8.0;

import "../Strings.sol";

/**
 * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.
 *
 * These functions can be used to verify that a message was signed by the holder
 * of the private keys of a given address.
 */
library ECDSA {
    enum RecoverError {
        NoError,
        InvalidSignature,
        InvalidSignatureLength,
        InvalidSignatureS,
        InvalidSignatureV // Deprecated in v4.8
    }

    function _throwError(RecoverError error) private pure {
        if (error == RecoverError.NoError) {
            return; // no error: do nothing
        } else if (error == RecoverError.InvalidSignature) {
            revert("ECDSA: invalid signature");
        } else if (error == RecoverError.InvalidSignatureLength) {
            revert("ECDSA: invalid signature length");
        } else if (error == RecoverError.InvalidSignatureS) {
            revert("ECDSA: invalid signature 's' value");
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature` or error string. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     *
     * Documentation for signature generation:
     * - with https://web3js.readthedocs.io/en/v1.3.4/web3-eth-accounts.html#sign[Web3.js]
     * - with https://docs.ethers.io/v5/api/signer/#Signer-signMessage[ethers]
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, bytes memory signature) internal pure returns (address, RecoverError) {
        if (signature.length == 65) {
            bytes32 r;
            bytes32 s;
            uint8 v;
            // ecrecover takes the signature parameters, and the only way to get them
            // currently is to use assembly.
            /// @solidity memory-safe-assembly
            assembly {
                r := mload(add(signature, 0x20))
                s := mload(add(signature, 0x40))
                v := byte(0, mload(add(signature, 0x60)))
            }
            return tryRecover(hash, v, r, s);
        } else {
            return (address(0), RecoverError.InvalidSignatureLength);
        }
    }

    /**
     * @dev Returns the address that signed a hashed message (`hash`) with
     * `signature`. This address can then be used for verification purposes.
     *
     * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
     * this function rejects them by requiring the `s` value to be in the lower
     * half order, and the `v` value to be either 27 or 28.
     *
     * IMPORTANT: `hash` _must_ be the result of a hash operation for the
     * verification to be secure: it is possible to craft signatures that
     * recover to arbitrary addresses for non-hashed data. A safe way to ensure
     * this is by receiving a hash of the original message (which may otherwise
     * be too long), and then calling {toEthSignedMessageHash} on it.
     */
    function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, signature);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `r` and `vs` short-signature fields separately.
     *
     * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address, RecoverError) {
        bytes32 s = vs & bytes32(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff);
        uint8 v = uint8((uint256(vs) >> 255) + 27);
        return tryRecover(hash, v, r, s);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `r and `vs` short-signature fields separately.
     *
     * _Available since v4.2._
     */
    function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, r, vs);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Overload of {ECDSA-tryRecover} that receives the `v`,
     * `r` and `s` signature fields separately.
     *
     * _Available since v4.3._
     */
    function tryRecover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address, RecoverError) {
        // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
        // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
        // the valid range for s in (301): 0 < s < secp256k1n ÷ 2 + 1, and for v in (302): v ∈ {27, 28}. Most
        // signatures from current libraries generate a unique signature with an s-value in the lower half order.
        //
        // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
        // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
        // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
        // these malleable signatures as well.
        if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {
            return (address(0), RecoverError.InvalidSignatureS);
        }

        // If the signature is valid (and not malleable), return the signer address
        address signer = ecrecover(hash, v, r, s);
        if (signer == address(0)) {
            return (address(0), RecoverError.InvalidSignature);
        }

        return (signer, RecoverError.NoError);
    }

    /**
     * @dev Overload of {ECDSA-recover} that receives the `v`,
     * `r` and `s` signature fields separately.
     */
    function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address) {
        (address recovered, RecoverError error) = tryRecover(hash, v, r, s);
        _throwError(error);
        return recovered;
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from a `hash`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes32 hash) internal pure returns (bytes32 message) {
        // 32 is the length in bytes of hash,
        // enforced by the type signature above
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x00, "\x19Ethereum Signed Message:\n32")
            mstore(0x1c, hash)
            message := keccak256(0x00, 0x3c)
        }
    }

    /**
     * @dev Returns an Ethereum Signed Message, created from `s`. This
     * produces hash corresponding to the one signed with the
     * https://eth.wiki/json-rpc/API#eth_sign[`eth_sign`]
     * JSON-RPC method as part of EIP-191.
     *
     * See {recover}.
     */
    function toEthSignedMessageHash(bytes memory s) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n", Strings.toString(s.length), s));
    }

    /**
     * @dev Returns an Ethereum Signed Typed Data, created from a
     * `domainSeparator` and a `structHash`. This produces hash corresponding
     * to the one signed with the
     * https://eips.ethereum.org/EIPS/eip-712[`eth_signTypedData`]
     * JSON-RPC method as part of EIP-712.
     *
     * See {recover}.
     */
    function toTypedDataHash(bytes32 domainSeparator, bytes32 structHash) internal pure returns (bytes32 data) {
        /// @solidity memory-safe-assembly
        assembly {
            let ptr := mload(0x40)
            mstore(ptr, "\x19\x01")
            mstore(add(ptr, 0x02), domainSeparator)
            mstore(add(ptr, 0x22), structHash)
            data := keccak256(ptr, 0x42)
        }
    }

    /**
     * @dev Returns an Ethereum Signed Data with intended validator, created from a
     * `validator` and `data` according to the version 0 of EIP-191.
     *
     * See {recover}.
     */
    function toDataWithIntendedValidatorHash(address validator, bytes memory data) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x00", validator, data));
    }
}

// SPDX-License-Identifier: LGPL-3.0
pragma solidity 0.8.20;

import '@openzeppelin/contracts/interfaces/IERC1271.sol';
import '@openzeppelin/contracts/utils/Address.sol';
import '@openzeppelin/contracts/utils/cryptography/ECDSA.sol';

/**
 * @title Library of utilities for making EIP1271-compliant signature checks.
 */
library EIP1271SignatureUtils {
  // bytes4(keccak256("isValidSignature(bytes32,bytes)")
  bytes4 internal constant EIP1271_MAGICVALUE = 0x1626ba7e;

  /**
   * @notice Checks @param signature is a valid signature of @param digestHash from @param signer.
   * If the `signer` contains no code -- i.e. it is not (yet, at least) a contract address, then checks using standard ECDSA logic
   * Otherwise, passes on the signature to the signer to verify the signature and checks that it returns the `EIP1271_MAGICVALUE`.
   */
  function checkSignature_EIP1271(address signer, bytes32 digestHash, bytes memory signature) internal view {
    /**
     * check validity of signature:
     * 1) if `signer` is an EOA, then `signature` must be a valid ECDSA signature from `signer`,
     * indicating their intention for this action
     * 2) if `signer` is a contract, then `signature` must will be checked according to EIP-1271
     */
    if (Address.isContract(signer)) {
      require(
        IERC1271(signer).isValidSignature(digestHash, signature) == EIP1271_MAGICVALUE,
        'EIP1271SignatureUtils.checkSignature_EIP1271: ERC1271 signature verification failed'
      );
    } else {
      require(ECDSA.recover(digestHash, signature) == signer, 'EIP1271SignatureUtils.checkSignature_EIP1271: signature not from signer');
    }
  }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)

pragma solidity ^0.8.0;

import "./IERC165Upgradeable.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the {IERC165} interface.
 *
 * Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
 * for the additional interface id that will be supported. For example:
 *
 * ```solidity
 * function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
 *     return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
 * }
 * ```
 *
 * Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
 */
abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable {
    function __ERC165_init() internal onlyInitializing {
    }

    function __ERC165_init_unchained() internal onlyInitializing {
    }
    /**
     * @dev See {IERC165-supportsInterface}.
     */
    function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
        return interfaceId == type(IERC165Upgradeable).interfaceId;
    }

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[50] private __gap;
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)

pragma solidity ^0.8.0;

import "../Proxy.sol";
import "./ERC1967Upgrade.sol";

/**
 * @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
 * implementation address that can be changed. This address is stored in storage in the location specified by
 * https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
 * implementation behind the proxy.
 */
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
    /**
     * @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
     *
     * If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
     * function call, and allows initializing the storage of the proxy like a Solidity constructor.
     */
    constructor(address _logic, bytes memory _data) payable {
        _upgradeToAndCall(_logic, _data, false);
    }

    /**
     * @dev Returns the current implementation address.
     */
    function _implementation() internal view virtual override returns (address impl) {
        return ERC1967Upgrade._getImplementation();
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (proxy/ERC1967/ERC1967Upgrade.sol)

pragma solidity ^0.8.2;

import "../beacon/IBeacon.sol";
import "../../interfaces/IERC1967.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";

/**
 * @dev This abstract contract provides getters and event emitting update functions for
 * https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
 *
 * _Available since v4.1._
 */
abstract contract ERC1967Upgrade is IERC1967 {
    // This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
    bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;

    /**
     * @dev Storage slot with the address of the current implementation.
     * This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
     * validated in the constructor.
     */
    bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    /**
     * @dev Returns the current implementation address.
     */
    function _getImplementation() internal view returns (address) {
        return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
    }

    /**
     * @dev Stores a new address in the EIP1967 implementation slot.
     */
    function _setImplementation(address newImplementation) private {
        require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
        StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
    }

    /**
     * @dev Perform implementation upgrade
     *
     * Emits an {Upgraded} event.
     */
    function _upgradeTo(address newImplementation) internal {
        _setImplementation(newImplementation);
        emit Upgraded(newImplementation);
    }

    /**
     * @dev Perform implementation upgrade with additional setup call.
     *
     * Emits an {Upgraded} event.
     */
    function _upgradeToAndCall(address newImplementation, bytes memory data, bool forceCall) internal {
        _upgradeTo(newImplementation);
        if (data.length > 0 || forceCall) {
            Address.functionDelegateCall(newImplementation, data);
        }
    }

    /**
     * @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
     *
     * Emits an {Upgraded} event.
     */
    function _upgradeToAndCallUUPS(address newImplementation, bytes memory data, bool forceCall) internal {
        // Upgrades from old implementations will perform a rollback test. This test requires the new
        // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
        // this special case will break upgrade paths from old UUPS implementation to new ones.
        if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
            _setImplementation(newImplementation);
        } else {
            try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
                require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
            } catch {
                revert("ERC1967Upgrade: new implementation is not UUPS");
            }
            _upgradeToAndCall(newImplementation, data, forceCall);
        }
    }

    /**
     * @dev Storage slot with the admin of the contract.
     * This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
     * validated in the constructor.
     */
    bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;

    /**
     * @dev Returns the current admin.
     */
    function _getAdmin() internal view returns (address) {
        return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
    }

    /**
     * @dev Stores a new address in the EIP1967 admin slot.
     */
    function _setAdmin(address newAdmin) private {
        require(newAdmin != address(0), "ERC1967: new admin is the zero address");
        StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
    }

    /**
     * @dev Changes the admin of the proxy.
     *
     * Emits an {AdminChanged} event.
     */
    function _changeAdmin(address newAdmin) internal {
        emit AdminChanged(_getAdmin(), newAdmin);
        _setAdmin(newAdmin);
    }

    /**
     * @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
     * This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
     */
    bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;

    /**
     * @dev Returns the current beacon.
     */
    function _getBeacon() internal view returns (address) {
        return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
    }

    /**
     * @dev Stores a new beacon in the EIP1967 beacon slot.
     */
    function _setBeacon(address newBeacon) private {
        require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
        require(
            Address.isContract(IBeacon(newBeacon).implementation()),
            "ERC1967: beacon implementation is not a contract"
        );
        StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
    }

    /**
     * @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
     * not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
     *
     * Emits a {BeaconUpgraded} event.
     */
    function _upgradeBeaconToAndCall(address newBeacon, bytes memory data, bool forceCall) internal {
        _setBeacon(newBeacon);
        emit BeaconUpgraded(newBeacon);
        if (data.length > 0 || forceCall) {
            Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
        }
    }
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.0;

import "./IERC20.sol";
import "./extensions/IERC20Metadata.sol";
import "../../utils/Context.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 * For a generic mechanism see {ERC20PresetMinterPauser}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC20
 * applications.
 *
 * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
 * This allows applications to reconstruct the allowance for all accounts just
 * by listening to said events. Other implementations of the EIP may not emit
 * these events, as it isn't required by the specification.
 *
 * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
 * functions have been added to mitigate the well-known issues around setting
 * allowances. See {IERC20-approve}.
 */
contract ERC20 is Context, IERC20, IERC20Metadata {
    mapping(address => uint256) private _balances;

    mapping(address => mapping(address => uint256)) private _allowances;

    uint256 private _totalSupply;

    string private _name;
    string private _symbol;

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * All two of these values are immutable: they can only be set once during
     * construction.
     */
    constructor(string memory name_, string memory symbol_) {
        _name = name_;
        _symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual override returns (string memory) {
        return _name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual override returns (string memory) {
        return _symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual override returns (uint8) {
        return 18;
    }

    /**
     * @dev See {IERC20-totalSupply}.
     */
    function totalSupply() public view virtual override returns (uint256) {
        return _totalSupply;
    }

    /**
     * @dev See {IERC20-balanceOf}.
     */
    function balanceOf(address account) public view virtual override returns (uint256) {
        return _balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `amount`.
     */
    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, amount);
        return true;
    }

    /**
     * @dev See {IERC20-allowance}.
     */
    function allowance(address owner, address spender) public view virtual override returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, amount);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Emits an {Approval} event indicating the updated allowance. This is not
     * required by the EIP. See the note at the beginning of {ERC20}.
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `amount`.
     */
    function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, amount);
        _transfer(from, to, amount);
        return true;
    }

    /**
     * @dev Atomically increases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, allowance(owner, spender) + addedValue);
        return true;
    }

    /**
     * @dev Atomically decreases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `spender` must have allowance for the caller of at least
     * `subtractedValue`.
     */
    function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
        address owner = _msgSender();
        uint256 currentAllowance = allowance(owner, spender);
        require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
        unchecked {
            _approve(owner, spender, currentAllowance - subtractedValue);
        }

        return true;
    }

    /**
     * @dev Moves `amount` of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     */
    function _transfer(address from, address to, uint256 amount) internal virtual {
        require(from != address(0), "ERC20: transfer from the zero address");
        require(to != address(0), "ERC20: transfer to the zero address");

        _beforeTokenTransfer(from, to, amount);

        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
        unchecked {
            _balances[from] = fromBalance - amount;
            // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
            // decrementing then incrementing.
            _balances[to] += amount;
        }

        emit Transfer(from, to, amount);

        _afterTokenTransfer(from, to, amount);
    }

    /** @dev Creates `amount` tokens and assigns them to `account`, increasing
     * the total supply.
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     */
    function _mint(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: mint to the zero address");

        _beforeTokenTransfer(address(0), account, amount);

        _totalSupply += amount;
        unchecked {
            // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
            _balances[account] += amount;
        }
        emit Transfer(address(0), account, amount);

        _afterTokenTransfer(address(0), account, amount);
    }

    /**
     * @dev Destroys `amount` tokens from `account`, reducing the
     * total supply.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     * - `account` must have at least `amount` tokens.
     */
    function _burn(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: burn from the zero address");

        _beforeTokenTransfer(account, address(0), amount);

        uint256 accountBalance = _balances[account];
        require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
        unchecked {
            _balances[account] = accountBalance - amount;
            // Overflow not possible: amount <= accountBalance <= totalSupply.
            _totalSupply -= amount;
        }

        emit Transfer(account, address(0), amount);

        _afterTokenTransfer(account, address(0), amount);
    }

    /**
     * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     */
    function _approve(address owner, address spender, uint256 amount) internal virtual {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");

        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    /**
     * @dev Updates `owner` s allowance for `spender` based on spent `amount`.
     *
     * Does not update the allowance amount in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Might emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance != type(uint256).max) {
            require(currentAllowance >= amount, "ERC20: insufficient allowance");
            unchecked {
                _approve(owner, spender, currentAllowance - amount);
            }
        }
    }

    /**
     * @dev Hook that is called before any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * will be transferred to `to`.
     * - when `from` is zero, `amount` tokens will be minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev Hook that is called after any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * has been transferred to `to`.
     * - when `from` is zero, `amount` tokens have been minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens have been burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}
}

// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.9.0) (token/ERC20/ERC20.sol)

pragma solidity ^0.8.0;

import "./IERC20Upgradeable.sol";
import "./extensions/IERC20MetadataUpgradeable.sol";
import "../../utils/ContextUpgradeable.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";

/**
 * @dev Implementation of the {IERC20} interface.
 *
 * This implementation is agnostic to the way tokens are created. This means
 * that a supply mechanism has to be added in a derived contract using {_mint}.
 * For a generic mechanism see {ERC20PresetMinterPauser}.
 *
 * TIP: For a detailed writeup see our guide
 * https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
 * to implement supply mechanisms].
 *
 * The default value of {decimals} is 18. To change this, you should override
 * this function so it returns a different value.
 *
 * We have followed general OpenZeppelin Contracts guidelines: functions revert
 * instead returning `false` on failure. This behavior is nonetheless
 * conventional and does not conflict with the expectations of ERC20
 * applications.
 *
 * Additionally, an {Approval} event is emitted on calls to {transferFrom}.
 * This allows applications to reconstruct the allowance for all accounts just
 * by listening to said events. Other implementations of the EIP may not emit
 * these events, as it isn't required by the specification.
 *
 * Finally, the non-standard {decreaseAllowance} and {increaseAllowance}
 * functions have been added to mitigate the well-known issues around setting
 * allowances. See {IERC20-approve}.
 */
contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20Upgradeable, IERC20MetadataUpgradeable {
    mapping(address => uint256) private _balances;

    mapping(address => mapping(address => uint256)) private _allowances;

    uint256 private _totalSupply;

    string private _name;
    string private _symbol;

    /**
     * @dev Sets the values for {name} and {symbol}.
     *
     * All two of these values are immutable: they can only be set once during
     * construction.
     */
    function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
        __ERC20_init_unchained(name_, symbol_);
    }

    function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
        _name = name_;
        _symbol = symbol_;
    }

    /**
     * @dev Returns the name of the token.
     */
    function name() public view virtual override returns (string memory) {
        return _name;
    }

    /**
     * @dev Returns the symbol of the token, usually a shorter version of the
     * name.
     */
    function symbol() public view virtual override returns (string memory) {
        return _symbol;
    }

    /**
     * @dev Returns the number of decimals used to get its user representation.
     * For example, if `decimals` equals `2`, a balance of `505` tokens should
     * be displayed to a user as `5.05` (`505 / 10 ** 2`).
     *
     * Tokens usually opt for a value of 18, imitating the relationship between
     * Ether and Wei. This is the default value returned by this function, unless
     * it's overridden.
     *
     * NOTE: This information is only used for _display_ purposes: it in
     * no way affects any of the arithmetic of the contract, including
     * {IERC20-balanceOf} and {IERC20-transfer}.
     */
    function decimals() public view virtual override returns (uint8) {
        return 18;
    }

    /**
     * @dev See {IERC20-totalSupply}.
     */
    function totalSupply() public view virtual override returns (uint256) {
        return _totalSupply;
    }

    /**
     * @dev See {IERC20-balanceOf}.
     */
    function balanceOf(address account) public view virtual override returns (uint256) {
        return _balances[account];
    }

    /**
     * @dev See {IERC20-transfer}.
     *
     * Requirements:
     *
     * - `to` cannot be the zero address.
     * - the caller must have a balance of at least `amount`.
     */
    function transfer(address to, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _transfer(owner, to, amount);
        return true;
    }

    /**
     * @dev See {IERC20-allowance}.
     */
    function allowance(address owner, address spender) public view virtual override returns (uint256) {
        return _allowances[owner][spender];
    }

    /**
     * @dev See {IERC20-approve}.
     *
     * NOTE: If `amount` is the maximum `uint256`, the allowance is not updated on
     * `transferFrom`. This is semantically equivalent to an infinite approval.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function approve(address spender, uint256 amount) public virtual override returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, amount);
        return true;
    }

    /**
     * @dev See {IERC20-transferFrom}.
     *
     * Emits an {Approval} event indicating the updated allowance. This is not
     * required by the EIP. See the note at the beginning of {ERC20}.
     *
     * NOTE: Does not update the allowance if the current allowance
     * is the maximum `uint256`.
     *
     * Requirements:
     *
     * - `from` and `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     * - the caller must have allowance for ``from``'s tokens of at least
     * `amount`.
     */
    function transferFrom(address from, address to, uint256 amount) public virtual override returns (bool) {
        address spender = _msgSender();
        _spendAllowance(from, spender, amount);
        _transfer(from, to, amount);
        return true;
    }

    /**
     * @dev Atomically increases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     */
    function increaseAllowance(address spender, uint256 addedValue) public virtual returns (bool) {
        address owner = _msgSender();
        _approve(owner, spender, allowance(owner, spender) + addedValue);
        return true;
    }

    /**
     * @dev Atomically decreases the allowance granted to `spender` by the caller.
     *
     * This is an alternative to {approve} that can be used as a mitigation for
     * problems described in {IERC20-approve}.
     *
     * Emits an {Approval} event indicating the updated allowance.
     *
     * Requirements:
     *
     * - `spender` cannot be the zero address.
     * - `spender` must have allowance for the caller of at least
     * `subtractedValue`.
     */
    function decreaseAllowance(address spender, uint256 subtractedValue) public virtual returns (bool) {
        address owner = _msgSender();
        uint256 currentAllowance = allowance(owner, spender);
        require(currentAllowance >= subtractedValue, "ERC20: decreased allowance below zero");
        unchecked {
            _approve(owner, spender, currentAllowance - subtractedValue);
        }

        return true;
    }

    /**
     * @dev Moves `amount` of tokens from `from` to `to`.
     *
     * This internal function is equivalent to {transfer}, and can be used to
     * e.g. implement automatic token fees, slashing mechanisms, etc.
     *
     * Emits a {Transfer} event.
     *
     * Requirements:
     *
     * - `from` cannot be the zero address.
     * - `to` cannot be the zero address.
     * - `from` must have a balance of at least `amount`.
     */
    function _transfer(address from, address to, uint256 amount) internal virtual {
        require(from != address(0), "ERC20: transfer from the zero address");
        require(to != address(0), "ERC20: transfer to the zero address");

        _beforeTokenTransfer(from, to, amount);

        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "ERC20: transfer amount exceeds balance");
        unchecked {
            _balances[from] = fromBalance - amount;
            // Overflow not possible: the sum of all balances is capped by totalSupply, and the sum is preserved by
            // decrementing then incrementing.
            _balances[to] += amount;
        }

        emit Transfer(from, to, amount);

        _afterTokenTransfer(from, to, amount);
    }

    /** @dev Creates `amount` tokens and assigns them to `account`, increasing
     * the total supply.
     *
     * Emits a {Transfer} event with `from` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     */
    function _mint(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: mint to the zero address");

        _beforeTokenTransfer(address(0), account, amount);

        _totalSupply += amount;
        unchecked {
            // Overflow not possible: balance + amount is at most totalSupply + amount, which is checked above.
            _balances[account] += amount;
        }
        emit Transfer(address(0), account, amount);

        _afterTokenTransfer(address(0), account, amount);
    }

    /**
     * @dev Destroys `amount` tokens from `account`, reducing the
     * total supply.
     *
     * Emits a {Transfer} event with `to` set to the zero address.
     *
     * Requirements:
     *
     * - `account` cannot be the zero address.
     * - `account` must have at least `amount` tokens.
     */
    function _burn(address account, uint256 amount) internal virtual {
        require(account != address(0), "ERC20: burn from the zero address");

        _beforeTokenTransfer(account, address(0), amount);

        uint256 accountBalance = _balances[account];
        require(accountBalance >= amount, "ERC20: burn amount exceeds balance");
        unchecked {
            _balances[account] = accountBalance - amount;
            // Overflow not possible: amount <= accountBalance <= totalSupply.
            _totalSupply -= amount;
        }

        emit Transfer(account, address(0), amount);

        _afterTokenTransfer(account, address(0), amount);
    }

    /**
     * @dev Sets `amount` as the allowance of `spender` over the `owner` s tokens.
     *
     * This internal function is equivalent to `approve`, and can be used to
     * e.g. set automatic allowances for certain subsystems, etc.
     *
     * Emits an {Approval} event.
     *
     * Requirements:
     *
     * - `owner` cannot be the zero address.
     * - `spender` cannot be the zero address.
     */
    function _approve(address owner, address spender, uint256 amount) internal virtual {
        require(owner != address(0), "ERC20: approve from the zero address");
        require(spender != address(0), "ERC20: approve to the zero address");

        _allowances[owner][spender] = amount;
        emit Approval(owner, spender, amount);
    }

    /**
     * @dev Updates `owner` s allowance for `spender` based on spent `amount`.
     *
     * Does not update the allowance amount in case of infinite allowance.
     * Revert if not enough allowance is available.
     *
     * Might emit an {Approval} event.
     */
    function _spendAllowance(address owner, address spender, uint256 amount) internal virtual {
        uint256 currentAllowance = allowance(owner, spender);
        if (currentAllowance != type(uint256).max) {
            require(currentAllowance >= amount, "ERC20: insufficient allowance");
            unchecked {
                _approve(owner, spender, currentAllowance - amount);
            }
        }
    }

    /**
     * @dev Hook that is called before any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * will be transferred to `to`.
     * - when `from` is zero, `amount` tokens will be minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens will be burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev Hook that is called after any transfer of tokens. This includes
     * minting and burning.
     *
     * Calling conditions:
     *
     * - when `from` and `to` are both non-zero, `amount` of ``from``'s tokens
     * has been transferred to `to`.
     * - when `from` is zero, `amount` tokens have been minted for `to`.
     * - when `to` is zero, `amount` of ``from``'s tokens have been burned.
     * - `from` and `to` are never both zero.
     *
     * To learn more about hooks, head to xref:ROOT:extending-contracts.adoc#using-hooks[Using Hooks].
     */
    function _afterTokenTransfer(address from, address to, uint256 amount) internal virtual {}

    /**
     * @dev This empty reserved space is put in place to allow future versions to add new
     * variables without shifting down storage in the inheritance chain.
     * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
     */
    uint256[45] private __gap;
}